Your organization has classified certain datasets as highly sensitive. You are required to ensure that these datasets are encrypted at rest. How would you use AWS KMS to manage encryption keys and ensure compliance with this requirement?