Enable support in Tableau Server for authenticating to AWS RDS via IAM role instead of IAM user username/password.
AWS security best practices are driving AWS account owners towards implementing better user access controls, including MFA and password rotation policies. In contrast, using user credentials in Tableau for RDS authentication is driving AWS account owners to create less secure IAM users specifically to be used as service accounts. The credentials for these users are then embedded into the connection details, where they remain fairly static. Alternatively, a new process must be created to manually manage the password refresh lifecycle within AWS and then apply updated passwords to Tableau Server data sources.
An alternative is to deploy Tableau Server to an AWS instance where a specific IAM role with access to RDS has been applied. When an IAM role is applied to an EC2 instance, all applications running on that instance have access based on what has been granted to the role. There will be no need to generate long-term credentials and no need to embed credentials within published artifacts.