Utilize AWS Secrets Manager to store all keys. Set up a rotation schedule in Secrets Manager to trigger an AWS Lambda function for generating new key pairs, replacing the public keys on EC2 instances, and updating the private keys in Secrets Manager.

Store all keys as strings in Parameter Store, part of AWS Systems Manager. Schedule a Systems Manager maintenance window to invoke an AWS Lambda function for generating new key pairs, replacing the public keys on EC2 instances, and updating the private keys in Parameter Store.

Import EC2 key pairs into AWS Key Management Service (AWS KMS) and enable automatic key rotation. Establish an Amazon EventBridge scheduled rule to trigger an AWS Lambda function for initiating key rotation in AWS KMS.

Integrate all EC2 instances with Fleet Manager, a feature of AWS Systems Manager. Configure a Systems Manager maintenance window to execute a Systems Manager Run Command document for generating new key pairs and rotating the public keys across all instances in Fleet Manager.