
Commit 231b7d4

PLT-1374: Enable CloudWatch Logs Exports for Aurora Cluster Postgres Logs (#326)
## 🎫 Ticket

https://jira.cms.gov/browse/PLT-1374

## 🛠 Changes

Adds a single line of config for enabling the export of Postgres logs to CloudWatch

## ℹ️ Context

To meet the security compliance for [RDS.9](https://docs.aws.amazon.com/securityhub/latest/userguide/rds-controls.html#rds-9) we must export our Postgres logs to CloudWatch

## 🧪 Validation

Using this branch as a reference for a `tofu plan` in dpc-ops under `/terraform/dev/persistent` gives the following output:

<details>
<summary>Tofu Plan Output (DPC dev)</summary>

```
OpenTofu will perform the following actions:

  # module.persistent.module.db.aws_rds_cluster.this will be updated in-place
  ~ resource "aws_rds_cluster" "this" {
      ~ enabled_cloudwatch_logs_exports     = [
          + "postgresql",
        ]
        id                                  = "dpc-dev"
        tags                                = {
            "AWS_Backup" = "4hr1dr_d7_w35_m90"
        }
        # (47 unchanged attributes hidden)
    }

Plan: 0 to add, 1 to change, 0 to destroy.
```

</details>
1 parent 506ab2d commit 231b7d4


2 files changed

+2
-1
lines changed


terraform/modules/aurora/README.md

Lines changed: 1 addition & 1 deletion
@@ -146,7 +146,7 @@ No requirements.
146146
| <a name="input_password"></a> [password](#input\_password) | The database's primary/master credentials password | `string` | n/a | yes |
147147
| <a name="input_platform"></a> [platform](#input\_platform) | Object that describes standardized platform values. | `any` | n/a | yes |
148148
| <a name="input_username"></a> [username](#input\_username) | The database's primary/master credentials username | `string` | n/a | yes |
149-
| <a name="input_aws_backup_tag"></a> [aws\_backup\_tag](#input\_aws\_backup\_tag) | Override for a standard, CDAP-managed backup tag for AWS Backups | `string` | `"4hr7_w90"` | no |
149+
| <a name="input_aws_backup_tag"></a> [aws\_backup\_tag](#input\_aws\_backup\_tag) | Override for a standard, CDAP-managed backup tag for AWS Backups | `string` | `"4hr1dr_d7_w35_m90"` | no |
150150
| <a name="input_backup_retention_period"></a> [backup\_retention\_period](#input\_backup\_retention\_period) | Days to retain backups for. | `number` | `1` | no |
151151
| <a name="input_cluster_identifier"></a> [cluster\_identifier](#input\_cluster\_identifier) | Override for the aurora cluster identifier | `string` | `null` | no |
152152
| <a name="input_cluster_instance_parameters"></a> [cluster\_instance\_parameters](#input\_cluster\_instance\_parameters) | A list of objects containing the values for apply\_method, name, and value that corresponds to the instance-level prameters. | <pre>list(object({<br/> apply_method = string<br/> name = string<br/> value = any<br/> }))</pre> | `[]` | no |
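Review bot: the README default for aws_backup_tag changes from "4hr7_w90" to "4hr1dr_d7_w35_m90", but nothing else in this diff touches that variable and the commit message only describes the single CloudWatch export line. If this is a terraform-docs regeneration catching up with a default already set in variables.tf (the plan output in the description shows the cluster already tagged "AWS_Backup" = "4hr1dr_d7_w35_m90", which supports that), say so in the commit message; if variables.tf still carries the old default, the README now documents a value the module does not apply. Minor, on an unchanged line: the cluster_instance_parameters description still reads "prameters".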

terraform/modules/aurora/main.tf

Lines changed: 1 addition & 0 deletions
@@ -99,6 +99,7 @@ resource "aws_rds_cluster" "this" {
9999
db_cluster_parameter_group_name = aws_rds_cluster_parameter_group.this.name
100100
iam_database_authentication_enabled = true
101101
copy_tags_to_snapshot = true
102+
enabled_cloudwatch_logs_exports = ["postgresql"]
102103
vpc_security_group_ids = flatten([
103104
aws_security_group.this.id,
104105
var.platform.security_groups.cmscloud-security-tools.id,
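Review bot: enabled_cloudwatch_logs_exports = ["postgresql"] only ships whatever the engine already writes to its postgresql log; what that log contains (connections, DDL, slow statements, errors) is governed by the log_* parameters in aws_rds_cluster_parameter_group.this, which this change leaves untouched, so confirm those settings actually produce the events RDS.9 is meant to give you, and keep log_statement away from values that would write query text containing credentials or PHI into CloudWatch. Also, when the export is enabled RDS creates the /aws/rds/cluster/<cluster-id>/postgresql log group itself, with no retention policy and no customer-managed KMS key; declaring an aws_cloudwatch_log_group with that name, retention_in_days and kms_key_id in this module lets the module own retention and encryption instead of inheriting the defaults.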
