The use of a customer-managed customer master key (CMK) in AWS Key Management Service (AWS KMS) meets the enterprise's requirement since it allows the users to create, manage, and rotate their own encryption keys according to their requirements. The CMKs can be rotated manually according to the company's rotation policy or disabled immediately in case of a security breach. AWS KMS automated rotation feature is applied only once yearly and does not provide the necessary control over the rotation frequency or immediate disablement of keys. AWS S3-Managed Keys (SSE-S3) and AWS Managed CMKs do not provide the capability for customer-managed rotation and immediate disablement of keys.