79140310

Date: 2024-10-30 08:55:21
Score: 0.5

Depending on your use case, you can implement an access pattern where you can avoid issuing fixed credentials for your AWS RDS databases, and avoid many of the common pitfalls of insecure credential management.

At a high level, you can assign IAM database authentication roles attached to users who log into your AWS account(s) by membership in a group. These users would be provisioned through IAM Identity Center integrated with your identity provider, say Microsoft Entra ID, since you're using Teams.

All folks would need to do is aws sso login to their account, and then your users can leverage those credentials to log in to the DB either in code or on the command line. No need to store extra credentials in/from AWS.

Some pre-requisites:

Reasons:
  • Long answer (-0.5):
  • Has code block (-0.5):
  • Contains question mark (0.5):
  • Low reputation (1):
Posted by: ArguingMussels