Ryan had discussed AWS KMS managed key and customer managed key where he adds OpenSSL generated key material. So from that perspective, it makes sense that auto key rotation for customer generated+openSSL material is not available.
But in this lecture, it seems that there is a 3rd variation of a key? — it is customer managed but AWS provides the key material? You lost me there.
Yes, that’s the third one. It is called an AWS Managed CMK in the documentation, or "Customer Managed" in his slide.
It allows shorter automatic rotation (1 year), and the ability to manually manage, rotate and delete keys.