A company is implementing an application that will use AWS KMS encryption keys. The company plans to create customer managed KMS keys within KMS and will not import any key material. The encryption keys should be rotated every 12 months. Which solution will meet these requirements?