AWS Secrets Manager

Previously, people could use Parameter Store in conjunction with KMS to store secrets, which could then be retrieved by the application. Today AWS launched a new service that integrates this even better. It is called AWS Secrets Manager.

AWS Secrets Manager exposes API calls that you can integrate directly into your code, and AWS has made custom Lambda functions available that make it very easy to integrate rotation.

With the latest Python AWS API (boto3), dealing with passwords is very easy.

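import json
import boto3

# Client for the Secrets Manager API (region and credentials come from the environment)
secrets = boto3.client("secretsmanager")
# SecretString holds a JSON document; parse it into a dict
response = secrets.get_secret_value(SecretId="dev/SomeBackendApp/Database")
rds = json.loads(response["SecretString"])
print(rds)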
{'engine': 'mysql',
 'host': 'somebackendapp.random.eu-central-1.rds.amazonaws.com',
 'password': 'some-random-long-password-to-some-user',
 'port': 3306,
 'username': 'some-random-user-name'}

Do note that one does this only when the application starts. When dealing with PHP and other spin-up applications, and you are afraid of cost, other solutions might be better for you, but 100,000 requests cost as little as $0.50, whereas secrets cost $0.40 per month.
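To keep the request count down in a long-running process, fetch the secret once and re-read it only after a TTL expires or a rotation makes the cached password fail. The sketch below is an added example, not code from the original post; `SecretCache`, `FakeSecretsClient` and the sample credentials are hypothetical and constructed so that it runs offline.

```python
import json
import time


class SecretCache:
    """Fetch each JSON secret once, then serve it from memory until ttl expires."""

    def __init__(self, client, ttl=300.0, clock=time.monotonic):
        self._client = client    # anything exposing get_secret_value(SecretId=...)
        self._ttl = ttl
        self._clock = clock
        self._entries = {}       # secret_id -> (expires_at, parsed secret)

    def get(self, secret_id, force_refresh=False):
        entry = self._entries.get(secret_id)
        if entry and not force_refresh and self._clock() < entry[0]:
            return entry[1]      # cache hit: no billable API request
        resp = self._client.get_secret_value(SecretId=secret_id)
        if "SecretString" not in resp:
            raise ValueError(f"{secret_id}: no SecretString (binary secret?)")
        value = json.loads(resp["SecretString"])
        self._entries[secret_id] = (self._clock() + self._ttl, value)
        return value


class FakeSecretsClient:
    """Constructed stand-in for boto3.client("secretsmanager"); runs offline."""
    def __init__(self, secrets):
        self.secrets, self.calls = secrets, 0

    def get_secret_value(self, SecretId):
        self.calls += 1
        return {"Name": SecretId, "SecretString": json.dumps(self.secrets[SecretId])}


def demo():
    name = "dev/SomeBackendApp/Database"
    fake = FakeSecretsClient({name: {"username": "constructed-user",
                                     "password": "constructed-old"}})
    cache = SecretCache(fake)    # real use: SecretCache(boto3.client("secretsmanager"))
    for _ in range(1000):        # 1000 lookups, one API request
        cache.get(name)
    fake.secrets[name]["password"] = "constructed-new"   # simulate a rotation
    stale = cache.get(name)["password"]                  # still the cached value
    fresh = cache.get(name, force_refresh=True)["password"]  # e.g. after a login failure
    return fake.calls, stale, fresh


if __name__ == "__main__":
    print(demo())
```

With rotation enabled, call `get(..., force_refresh=True)` when the database rejects the cached credentials, then retry the connection once.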

Please make sure you use some kind of manager when dealing with passwords etc. With the arrival of this specific AWS integration, you no longer need to jump through hoops when dealing with password management and/or updating them (key rotations etc.).

Author: Angelique Dawnbringer
Published: 2018-04-04 19:12:15
Keywords:
  • AWS
  • Passwords
  • Secrets
  • Manager
  • AWS Secrets Manager
Modified: 2018-04-05 18:30:20