KMS CMK rotation should be enabled
It is recommended that users enable rotation for customer-created AWS Customer Master Keys (CMKs). Rotating encryption keys helps reduce the potential impact of a compromised key, as users cannot use the old key to access the data.
Navigate to KMS.
In the left navigation, select Customer managed keys.
Select the customer created master key (CMK).
Select Key rotation and check Automatically rotate this CMK every year.
Enable Key Rotation:
aws kms enable-key-rotation --key-id <kms_key_id>
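To apply the same check across an account, the following added example (not part of the original page) lists the customer managed keys that have rotation turned off and can run the command above on each one. The function names, the script name and the choice to skip disabled, asymmetric and imported-material keys are assumptions of this example.

```shell
#!/bin/sh
# Added example: report customer managed KMS keys whose automatic rotation is
# off, and optionally enable it. Uses the default AWS CLI profile and region.

# True only for keys automatic rotation applies to: customer managed, enabled,
# symmetric encryption, key material generated by KMS.
rotation_applies() {
  meta=$(aws kms describe-key --key-id "$1" \
    --query 'KeyMetadata.[KeyManager,KeyState,KeySpec,Origin]' \
    --output text) || return 1
  set -- $meta  # split the tab-separated fields into $1..$4
  [ "${1:-}" = "CUSTOMER" ] && [ "${2:-}" = "Enabled" ] &&
    [ "${3:-}" = "SYMMETRIC_DEFAULT" ] && [ "${4:-}" = "AWS_KMS" ]
}

# Print the key ID of every applicable key with rotation disabled.
keys_without_rotation() {
  for id in $(aws kms list-keys --query 'Keys[].KeyId' --output text); do
    rotation_applies "$id" || continue
    status=$(aws kms get-key-rotation-status --key-id "$id" \
      --query 'KeyRotationEnabled' --output text) || {
      echo "cannot read rotation status for $id" >&2
      continue
    }
    case "$status" in
      True|true) ;;           # already compliant
      *) echo "$id" ;;
    esac
  done
}

# Apply the page's remediation command to each key reported above.
enable_missing_rotation() {
  for key in $(keys_without_rotation); do
    aws kms enable-key-rotation --key-id "$key" && echo "enabled: $key"
  done
}

# Usage: sh kms_rotation.sh report|fix   (script name is hypothetical)
case "${1:-}" in
  report) keys_without_rotation ;;
  fix)    enable_missing_rotation ;;
esac
```

Run it with report first and review the list before running fix; keys whose rotation status cannot be read are reported on stderr rather than treated as compliant.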