From my experience with AWS, an ARN (Amazon Resource Name) is simply an identifier used to identify a service within AWS, it's not necessarily anything to do with credentials. Here's the Amazon page for RDS ARN
As I understand it, if your DevOps team aren't willing to share credentials they should be looking at creating an IAM
] instead, which is a way for your DevOps team to create a personalised security profile which has limited access to AWS resources. You can read up on this documentation page
] for more information on that.
Personally, I wouldn't see an issue with having access to credentials to access the database so long as the role has only the permissions needed. However some companies can be extremely strict over that sort of thing, so using things like ARN and IAM tend to be more secure.