A security engineer is tasked with designing a key management solution for Amazon Elastic Block Store (Amazon EBS) volumes containing sensitive data using AWS Key Management Service (AWS KMS). The solution must ensure that the key material automatically expires after 90 days. Which of the following AWS KMS key management options meets this requirement?