diff --git a/modules/cloudfront-logs/kms.tf b/modules/cloudfront-logs/kms.tf
index d4e1534..25c59b0 100644
--- a/modules/cloudfront-logs/kms.tf
+++ b/modules/cloudfront-logs/kms.tf
@@ -4,6 +4,7 @@ resource "aws_kms_key" "cloudwatch_logs_key" {
   description             = "KMS Key for ${var.log_group_name} log group"
   deletion_window_in_days = 10
   policy                  = data.aws_iam_policy_document.cloudwatch_logs_key_policy[0].json
+  enable_key_rotation = true
 }
 
 data "aws_iam_policy_document" "cloudwatch_logs_key_policy" {
diff --git a/modules/opennext-revalidation-queue/kms.tf b/modules/opennext-revalidation-queue/kms.tf
index fc566ad..8d6e247 100644
--- a/modules/opennext-revalidation-queue/kms.tf
+++ b/modules/opennext-revalidation-queue/kms.tf
@@ -10,6 +10,7 @@ resource "aws_kms_key" "revalidation_queue_key" {
   deletion_window_in_days = 10
 
   policy = data.aws_iam_policy_document.revalidation_queue_key_policy[0].json
+  enable_key_rotation = true
 }
 
 data "aws_iam_policy_document" "revalidation_queue_key_policy" {