python: Use direct TLS connections for psycopg2 (#167)

Co-authored-by: Daniel Frankcom <frankcom@amazon.com>

Author: danielfrankcom

python/psycopg2/README.md

@@ -29,6 +29,19 @@ The code automatically detects the user type and adjusts its behavior accordingl
 * This code is not tested in every AWS Region. For more information, see
   [AWS Regional Services](https://aws.amazon.com/about-aws/global-infrastructure/regional-product-services).
 
+## TLS connection configuration
+
+This example uses direct TLS connections where supported, and verifies the server certificate is trusted. Verified SSL
+connections should be used where possible to ensure data security during transmission.
+
+* Driver versions following the release of PostgreSQL 17 support direct TLS connections, bypassing the traditional
+  PostgreSQL connection preamble
+* Direct TLS connections provide improved connection performance and enhanced security
+* Not all PostgreSQL drivers support direct TLS connections yet, or only in recent versions following PostgreSQL 17
+* Ensure your installed driver version supports direct TLS negotiation, or use a version that is at least as recent as
+  the one used in this sample
+* If your driver doesn't support direct TLS connections, you may need to use the traditional preamble connection instead
+
 ## Run the example
 
 ### Prerequisites

python/psycopg2/src/example.py

@@ -1,5 +1,6 @@
 import boto3
 import psycopg2
+import psycopg2.extensions
 import os
 import sys
 
@@ -24,6 +25,10 @@ def create_connection(cluster_user, cluster_endpoint, region):
         "password": password_token
     }
 
+    # Use the more efficient connection method if it's supported.
+    if psycopg2.extensions.libpq_version() >= 170000:
+        conn_params["sslnegotiation"] = "direct"
+
     # Make a connection to the cluster
     conn = psycopg2.connect(**conn_params)