Describe the feature

Amazon Aurora and RDS launched a new log export to debug IAM auth errors a while back: https://aws.amazon.com/about-aws/whats-new/2025/02/amazon-rds-visibility-iam-db-authentication-metrics-logs/

It seems that CDK does not support configuring this. Following error occurs when trying to configure Aurora PostgreSQL cluster to the export iam-db-auth-error logs:

Error: Unsupported logs for the current engine type: iam-db-auth-error
    at setLogRetention (/tmp/jsii-kernel-FN5V07/node_modules/aws-cdk-lib/aws-rds/lib/cluster.js:5:10168)
    at new DatabaseClusterFromSnapshot (/tmp/jsii-kernel-FN5V07/node_modules/aws-cdk-lib/aws-rds/lib/cluster.js:5:9311)
    at Kernel._Kernel_create (/tmp/tmp_1exzlk0/lib/program.js:9127:25)
    at Kernel.create (/tmp/tmp_1exzlk0/lib/program.js:8798:93)
    at KernelHost.processRequest (/tmp/tmp_1exzlk0/lib/program.js:10715:36)
    at KernelHost.run (/tmp/tmp_1exzlk0/lib/program.js:10675:22)
    at Immediate._onImmediate (/tmp/tmp_1exzlk0/lib/program.js:10676:46)
    at process.processImmediate (node:internal/timers:485:21)

Please add iam-db-auth-error as accepted log export name for engines that support it.

Use Case

To configure iam-db-auth-error log export through CDK similar to other CloudWatch log exports can be configured.

Proposed Solution

No response

Other Information

No response

Acknowledgements

• I may be able to implement this feature request
• This feature might incur a breaking change

AWS CDK Library version (aws-cdk-lib)

2.206.0

AWS CDK CLI version

2.1021.0

Environment details (OS name and version, etc.)

Ubuntu 24.04