I am curious as to how it handles those race conditions where a connection is made with the older credentials just after the time the rds master key rotates, or a connection is made with the newer credentials just before the time the rds client key rotates. Short of using two credentials accounts ...
These were mentioned around the custom rotation strategy, any pointers to docs describing how it is done if the secret is an RDS Secret?