AWS added support for using IAM to authenticate to RDS a few months ago (RDS IAM Auth).
This can work for the initial connection, but effectively, the password changes every 15 minutes. AbstractConnectProtocol stores a password at connection creation time. This means that if the connection has been alive longer than 15 minutes and a failover occurs, then the reconnection attempt will fail as the stored password is no longer valid.
When using a connection pool, this can be worked around by setting the max lifespan to 15 minutes, but we have code with long-running, manually managed connections. I could also apply lifespan logic, but it would be preferable for the driver to handle that.
The problem really extends to the UrlParser, which also stores a password. Having some sort of user-extensible password provider would likely be enough.
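
A sketch of the kind of password provider requested above, as an added example that is not code from this issue or from the driver. `PasswordProvider`, `ExpiringTokenProvider`, the injected token source and the clock are all hypothetical names; the token source stands in for whatever generates the RDS IAM token.

```java
import java.time.Duration;
import java.time.Instant;
import java.util.function.Supplier;

class IamReconnectDemo {
    public static void main(String[] args) {
        Instant[] now = { Instant.parse("2024-01-01T00:00:00Z") }; // constructed clock
        int[] issued = { 0 };
        PasswordProvider provider = new ExpiringTokenProvider(
                () -> "token-" + (++issued[0]), // stand-in for the real IAM token generator
                Duration.ofMinutes(1), () -> now[0]);

        String stored = provider.currentPassword();   // what a stored-password driver keeps
        now[0] = now[0].plus(Duration.ofMinutes(20)); // failover after 20 minutes
        String atReconnect = provider.currentPassword();
        System.out.println("stored=" + stored + " reconnect=" + atReconnect);
    }
}

/** Hypothetical extension point: asked for a password on every (re)connect. */
interface PasswordProvider {
    String currentPassword();
}

/** Reuses a token while it is valid and regenerates it shortly before expiry. */
final class ExpiringTokenProvider implements PasswordProvider {
    private static final Duration TOKEN_LIFETIME = Duration.ofMinutes(15); // per the issue text
    private final Supplier<String> tokenSource;
    private final Duration safetyMargin;
    private final Supplier<Instant> clock;
    private String token;
    private Instant refreshAt;

    ExpiringTokenProvider(Supplier<String> tokenSource, Duration safetyMargin,
                          Supplier<Instant> clock) {
        this.tokenSource = tokenSource;
        this.safetyMargin = safetyMargin;
        this.clock = clock;
    }

    @Override
    public synchronized String currentPassword() {
        Instant now = clock.get();
        if (token == null || !now.isBefore(refreshAt)) {
            token = tokenSource.get();
            refreshAt = now.plus(TOKEN_LIFETIME).minus(safetyMargin);
        }
        return token;
    }
}
```

A reconnect path that calls `currentPassword()` instead of reusing the value captured at connection creation gets a valid token after the 15-minute window, without forcing connections to be recycled.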