If you are using kubernetes, you can mount the secret/ConfigMap as a volume and it will be updated automatically when changes occur. Then your application merely watches the file for updates.
Being on AWS, using EKS feels like overkill when you're talking $75/month just for having it managed by AWS. This doesn't work with ECS, unfortunately, or if you're just running docker on EC2.
