Thanks to the hints from the comments. I found the answer from https://redis-py.readthedocs.org/en/latest/.
It says
class redis.StrictRedis(host="localhost", port=6379, db=0, password=None, socket_timeout=None, connection_pool=None, charset="utf-8", errors="strict", unix_socket_path=None)
So AUTH is in fact password passed by keyword argument.