DocumentDB cluster logs can be exported to CloudWatch for monitoring, which can be used to maintain the health of the environment as well as audit for security. Alarms can also be set based on those logs so that administrators can be made aware when issues arise. For more information, see the AWS documentation.
References:
https://docs.aws.amazon.com/documentdb/latest/developerguide/cloud_watch.html
In AWS Console
In Terraform -
References:
https://docs.aws.amazon.com/documentdb/latest/developerguide/event-auditing.html
https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/docdb_cluster#enabled_cloudwatch_logs_exports