Configure AWS KMS to automatically publish notifications to an Amazon Simple Notification Service (SNS) topic when a key is older than 90 days.

Set up an Amazon EventBridge rule to trigger an AWS Lambda function that checks the AWS Trusted Advisor API for key rotation status and then sends a notification via Amazon SNS.

Create a custom AWS Config rule that monitors KMS key rotation and sends notifications to an Amazon SNS topic if a key is found to be unrotated for 90 days.

Utilize AWS Security Hub to monitor KMS key rotation and configure it to send notifications to an Amazon SNS topic when a key has not been rotated for 90 days.