[v14] [docs] clarify RDS/Aurora databases getting modified

docs/pages/database-access/guides/rds.mdx

@@ -45,8 +45,15 @@ which supports IAM authentication.
 (!docs/pages/includes/edition-prereqs-tabs.mdx!)
 
 - AWS account with RDS and Aurora databases and permissions to create and attach
-  IAM policies. Your RDS and Aurora databases must have password and IAM
-  authentication enabled.
+  IAM policies.
+  <Admonition type="warning" title="IAM authentication">
+  Your RDS and Aurora databases must have password and IAM authentication
+  enabled.
+
+  If IAM authentication is not enabled on the target RDS and Aurora databases,
+  the Database Service will attempt to enable IAM authentication by modifying
+  them using respective APIs.
+  </Admonition>
 - A Linux host or Amazon Elastic Kubernetes Service cluster where you will run
   the Teleport Database Service, which proxies connections to your RDS
   databases. 
@@ -157,6 +164,13 @@ Follow these instructions on your Linux host.
 
 (!docs/pages/includes/database-access/aws-bootstrap.mdx type="rds"!)
 
+<Admonition type="note">
+Teleport uses `rds:ModifyDBInstance` and `rds:ModifyDBCluster` to automatically
+enable IAM authentication on the RDS instance and the Aurora cluster,
+respectively. You can omit these permissions if IAM authentication is already
+enabled.
+</Admonition>
+
 </TabItem>
 <TabItem label="Kubernetes Cluster">
 

docs/pages/database-access/reference/aws.mdx

@@ -155,7 +155,7 @@ policies for each discovery type are shown below.
 </Tabs>
 
 <Admonition type="note">
-Teleport uses `rds:ModifyDBInstance` and `rds:DescribeDBClusters` to
+Teleport uses `rds:ModifyDBInstance` and `rds:ModifyDBCluster` to
 automatically enable [IAM
 authentication](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.IAMDBAuth.html)
 on the RDS instance and the Aurora cluster, respectively. You can omit these