enable key rotation for CMKs

Author: cyphronix

aws_sra_examples/solutions/genai/bedrock_org/lambda/src/sra_kms.py

@@ -71,7 +71,13 @@ def create_kms_key(self, kms_client: KMSClient, key_policy: str, description: st
             KeyUsage="ENCRYPT_DECRYPT",
             CustomerMasterKeySpec="SYMMETRIC_DEFAULT",
         )
-        return key_response["KeyMetadata"]["KeyId"]
+        key_id = key_response["KeyMetadata"]["KeyId"]
+
+        # Enable key rotation
+        self.LOGGER.info(f"Enabling key rotation for key: {key_id}")
+        kms_client.enable_key_rotation(KeyId=key_id)
+
+        return key_id
 
     def create_alias(self, kms_client: KMSClient, alias_name: str, target_key_id: str) -> None:
         """Create KMS alias.