Utilize AWS KMS and Secrets Manager to create and rotate credentials for the Aurora DB cluster every 14 days.

Employ AWS Systems Manager Parameter Store with KMS-encrypted parameters and a Lambda function to rotate the password every 14 days.

Use an AWS KMS-encrypted EFS to store and restrict access to credentials, with a Lambda function to update credentials every 14 days.

Keep credentials in an AWS KMS-encrypted S3 bucket, ensuring the application loads them regularly, and use a Lambda function to rotate credentials every 14 days.