A security team needs to enforce rotation of all IAM users' access keys every 90 days. Keys older than 90 days must be automatically deactivated and removed. A solutions architect must create a remediation solution with minimal operational effort. Which solution meets these requirements?