Which type of keys should the developer use to meet these requirements?
Amazon S3 managed keys
Symmetric customer managed keys with key material that is generated by AWS
Asymmetric customer managed keys with key material that is generated by AWS
Symmetric customer managed keys with imported key material
Explanations:
Amazon S3 managed keys (SSE-S3) are managed by AWS and do not allow for automatic annual key rotation by the user. They do not provide control over the keys as required by the scenario.
Symmetric customer managed keys with key material generated by AWS support automatic annual rotation. They allow the company to manage their encryption keys using AWS KMS, meeting the requirement for encrypted data with automatic key rotation.
Asymmetric customer managed keys are not suitable for encrypting data in S3 since S3 requires symmetric keys for encryption. Additionally, AWS KMS does not support automatic rotation for asymmetric keys.
Symmetric customer managed keys with imported key material do not support automatic rotation, as the imported key material must be managed manually. This does not meet the requirement for automatic annual rotation of keys.