Idea: Add support for IAM Auth on Role

[igorlg]

First, just wanted to say how much I appreciate this construct! It saved me MANY hours to automate database management tasks in CDK!

I'd like to share a proposal: add support for enabling IAM Authentication on the Role construct (for clusters that have it enabled), as an alternative to username/password. E.g.:

const role = new Role(this, "Role", {
    provider: provider,
    roleName: "myrole",
    enableIamAuth: true,
}

In this case, Role would either not create a secret, or create one without a password field. Another option (to keep the Role construct simple / consistent) would be to create a separate RoleWithIAM construct.

In practice, the SQL statements in Role and Provider for PostgreSQL and MySQL would have to be amended as per the RDS IAM documentation.

Happy to provide this as a PR for discussion.

[berenddeboer]

Love it, great idea! I haven't really used IAM, as I was never sure how the permissions really worked, but happy to see a PR. Probably very hard to write a test for I assume? So may need some mocking.

[igorlg]

Great to hear! Yes, mocking will be needed for tests. I'll work on it over the weekend and raise a PR for consideration! Thank you!