A development team is tasked with storing sensitive customer data in Amazon S3 and needs to ensure that the data is encrypted while at rest. Additionally, it is imperative that the encryption keys used for this purpose are rotated at least once every year.

What is the simplest method to achieve this objective?