You have been tasked with ensuring that the encryption keys for critical data storage services are automatically renewed periodically in compliance with company policy, which requires key regeneration every 12 months. What is the BEST method to accomplish this for data stored using an Amazon service that allows object storage?
Develop a routine operation process to generate a new encryption key and manually apply it to the object storage service annually
Schedule a CloudWatch Events rule to invoke a function to re-encrypt data in the object storage service using a new encryption key annually
Opt for the default encryption feature of the object storage service to manage key rotation automatically
Set the automatic rotation feature for the customer-managed key in the encryption key management service