AWS managed keys (aws/s3) are automatically rotated every year (365 days). Customer managed keys allow you to set a custom rotation period (any length between 90 days and 10 years) but require enabling rotation. The key is that aws/s3 keys rotate automatically without any configuration.
However, the question says 'all encryption keys' and 'every 365 days' - both options can achieve that, but aws/s3 keys are automatically rotated, while customer managed keys need rotation enabled. The best practice is to use the most appropriate. But note: customer managed keys can be rotated automatically if you enable it.
The question might be ambiguous, but typical exam scenario: use customer managed keys for more control. However, the security team requires automatic rotation; both can do it. The nuance: customer managed keys have a rotation period that you can set, but the default is 365 days when you enable rotation.
So both work. But the question says 'which type' - likely they want customer managed because it allows you to control the policy. However, aws/s3 keys are automatically rotated and cannot be customized.
Since the requirement is 'every 365 days', which is the default for both, but aws/s3 keys are already rotated on that schedule. I think the answer is 'Customer managed key' because it's a key you own and have control over the rotation policy. Actually, aws/s3 keys are rotated annually, but you cannot view or manage them.
For compliance, you might need to control the key. So I'll go with customer managed key.