Hi all, I have integrated automated password rotation to secretsmanager which now RDS and ECS are pulling from. Unfortunately, after I do a new terrafrom apply and read in the changed secret from secretsmanager, the ECS services (metadata backend + UI) fail. I thought just rotating the password in secretsmanager and propagating the updated passwords to the resources that consume it would suffice, but is there an additional thing I need to do?