Creating a MySQL® cluster

Written by

Updated at November 26, 2025

Creating a cluster
Creating a cluster copy
Examples
- Creating a single-host cluster
- Creating a multi-host cluster

A MySQL® cluster consists of one or more database hosts. In multi-host clusters, semi-synchronous replication is configured automatically.

For more information on the Managed Service for MySQL® cluster structure, see Resource relationships.

Note

The number of hosts you can create along with a MySQL® cluster depends on the selected disk type and host class.
The available disk types depend on the selected host class.

Creating a cluster

To create a Managed Service for MySQL® cluster, you need the vpc.user and managed-mysql.editor roles or higher. For more information on assigning roles, see this Identity and Access Management guide.

Cluster DB connections are managed by Connection Manager. Creating a cluster automatically creates:

Connection Manager connection with information about the database connection.
Yandex Lockbox secret that stores the DB owner's user password. Storing passwords in Yandex Lockbox ensures their security.

The connection and secret will be created for each new database user. To view all connections, select the Connections tab on the cluster page.

You need the connection-manager.viewer role to view connection info. You can use Connection Manager to configure access to connections.

You can use Connection Manager and secrets you create there free of charge.

Management console

CLI

Terraform

REST API

gRPC API

To create a Managed Service for MySQL® cluster:

In the management console, select the folder where you want to create your database cluster.
Select Managed Service for MySQL.
Click Create cluster.
Enter a name for the Managed Service for MySQL® cluster in the Cluster name field. The cluster name must be unique within the folder.
Select the environment where you want to create your Managed Service for MySQL® cluster (you cannot change the environment once the cluster is created):
- PRODUCTION: For stable versions of your apps.
- PRESTABLE: For testing purposes. The prestable environment is similar to the production environment and likewise covered by an SLA, but it is the first to get new features, improvements, and bug fixes. In the prestable environment, you can test the new versions for compatibility with your application.
Select the DBMS version.
Select the host class, which will determine the technical specifications of the VMs for deploying your database hosts. All available options are listed under Host classes. Changing the host class of a Managed Service for MySQL® cluster updates the specifications for all of its existing hosts.
Under Storage size:
- Select the disk type.
  
  The selected type determines the increments in which you can change your disk size:
  - Network HDD and SSD storage: In increments of 1 GB.
  - Local SSD storage:
    - For Intel Broadwell and Intel Cascade Lake: In increments of 100 GB.
    - For Intel Ice Lake: In increments of 368 GB.
  - Non-replicated SSDs and ultra high-speed network SSDs with three replicas: In increments of 93 GB.
- Select the storage size for data and backups. For more information on how backups take up storage space, see Backups.
  
  Note
  
  If the database storage reaches 95% capacity, the Managed Service for MySQL® cluster will switch to read-only mode. Make sure to increase the storage size in advance.
- Optionally, select Encrypted disk to encrypt the disk with a custom KMS key.
  - To create a new key, click Create.
  - To use the key you created earlier, select it in the KMS key field.
  To learn more about disk encryption, see Storage.
Optionally, under Automatic increase of storage size:
- Select In the maintenance window when full at more than and specify the of the current size is full percentage at which the storage will be increased in the next maintenance window.
- Select Immediately when full at more than and specify the of the current size is full percentage at which the storage will be increased immediately.
- In the Maximum storage size field, specify the storage size limit for automatic storage size increase.
Warning
- Automatic increase of storage size is not supported on dedicated hosts.
- If you choose to increase storage size during a maintenance window, set the maintenance window schedule.
Learn more about automatic storage size increase.
Under Database, specify the database details:
- Database name. The name must be unique within the folder.
  
  The DB name may contain Latin letters, numbers, hyphens, and underscores. The name may be up to 63 characters long. Such names as mysql, sys, information_schema, and performance_schema are reserved for Managed Service for MySQL®. You cannot create DBs with these names.
- Database owner username.
  
  The username may contain Latin letters, numbers, hyphens, and underscores, and must start with a letter, number, or underscore. It must be from 1 to 32 characters long.
- User password:
  - Enter manually: Select this option to set your own password. The password must be from 8 to 128 characters long.
  - Generate: Select this option to generate a password using Connection Manager.
  To view the password after cluster creation, select the Users tab and click View password for the relevant user. This will open the page of the Yandex Lockbox secret containing the password. To view passwords, you need the lockbox.payloadViewer role.
Under Network settings, select:
- Cloud network for the cluster.
- Security groups for the cluster network traffic. You may also need to configure security groups to connect to the Managed Service for MySQL® cluster.
Under Hosts, click and specify the settings for the database hosts created together with the Managed Service for MySQL® cluster:
- Availability zone.
- Host subnet: By default, each host is created in a separate subnet.
- Public access to make the host accessible from outside Yandex Cloud, if required.
- Host priority for promotion to master.
- Host priority as a MySQL® replica for creating backups.
The minimum number of hosts per cluster depends on the selected disk type. The default cluster configuration offered in the management console includes:
- Two hosts if the selected disk type is network-ssd, network-hdd, or network-ssd-io-m3.
- Three hosts if the selected disk type is local-ssd or network-ssd-nonreplicated.
Warning

We do not recommend creating a single-host cluster. While being cheaper, it will not ensure high availability.

After creating a Managed Service for MySQL® cluster, you can add more hosts to it if your folder resource quotas allow.
Specify additional Managed Service for MySQL® cluster settings, if required:
- Backup start time (UTC): Time interval during which the cluster backup starts. Time is specified in 24-hour UTC format. The default time is 22:00 - 23:00 UTC.
- Retention period for automatic backups, days
  
  Automatic backups will be stored for this many days.
- Maintenance window: Maintenance window settings:
  - To enable maintenance at any time, select arbitrary (default).
  - To specify the preferred maintenance start time, select by schedule and specify the desired day of the week and UTC hour. For example, you can choose a time when the cluster is least loaded.
  Maintenance operations are carried out both on enabled and disabled clusters. They may include updating the DBMS, applying patches, and so on.
- DataLens access: Enables you to analyze cluster data in Yandex DataLens.
  
  For more information about setting up a connection, see Connecting to DataLens.
- WebSQL access: Enables SQL queries against cluster databases from the Yandex Cloud management console using Yandex WebSQL.
- Yandex Query access: Enables YQL queries against cluster databases from Yandex Query. This feature is currently at the Preview stage. The default value is false.
- Statistics sampling: Enable this option to use the Performance diagnostics tool in the cluster.
- Deletion protection: Manages cluster protection against accidental deletion.
  
  Even with cluster deletion protection enabled, one can still delete a user or database or connect manually and delete the database contents.
Configure the cluster-level DBMS settings, if required.

Note

Some MySQL® settings depend on the selected host class.
Click Create cluster.

If you do not have the Yandex Cloud CLI installed yet, install and initialize it.

By default, the CLI uses the folder specified when creating the profile. To change the default folder, use the yc config set folder-id <folder_ID> command. You can also set a different folder for any specific command using the --folder-name or --folder-id parameter.

To create a Managed Service for MySQL® cluster:

Check whether the folder has any subnets for the Managed Service for MySQL® cluster hosts:
```
yc vpc subnet list
```
If your folder has no subnets, create them in Yandex Virtual Private Cloud.
See the description of the CLI command for creating a Managed Service for MySQL® cluster:
```
yc managed-mysql cluster create --help
```
Specify the Managed Service for MySQL® cluster parameters in the command:
```
yc managed-mysql cluster create \
  --name=<cluster_name> \
  --environment <environment> \
  --network-name <network_name> \
  --host zone-id=<availability_zone>,`
    `subnet-id=<subnet_ID>,`
    `assign-public-ip=<allow_public_access_to_host>,`
    `priority=<priority_when_selecting_master_host>,`
    `backup-priority=<backup_priority> \
  --mysql-version <MySQL®_version> \
  --resource-preset <host_class> \
  --user name=<username>,password=<user_password> \
  --database name=<DB_name> \
  --disk-size <storage_size_in_GB> \
  --disk-type <network-hdd|network-ssd|network-ssd-nonreplicated|local-ssd> \
  --security-group-ids <list_of_security_group_IDs>
```
You need to specify the subnet-id if the selected availability zone has two or more subnets.

Where:
- --environment: Environment, prestable or production.
- --assign-public-ip: Public access to the host, true or false.
- --disk-type: Disk type.
- --priority: Host priority when selecting a new master host, between 0 and 100.
- --backup-priority: Backup priority, between 0 and 100.
- --mysql-version: MySQL® version, 5.7 or 8.0.
- --user: Contains the MySQL® user name and password.
  
  The username may contain Latin letters, numbers, hyphens, and underscores, and must start with a letter, number, or underscore. It must be from 1 to 32 characters long.
  
  The password must be from 8 to 128 characters long.
  Note
  You can also generate a password using Connection Manager. To do this, modify the command, specifying user parameters as follows:
  --user name=<username>,generate-password=true
  To view the password, select your cluster in the management console, navigate to the Users tab, and click View password for the relevant user. This will open the page of the Yandex Lockbox secret containing the password. To view passwords, you need the lockbox.payloadViewer role.
- --database name: Database name.
  
  The DB name may contain Latin letters, numbers, hyphens, and underscores. The name may be up to 63 characters long. Such names as mysql, sys, information_schema, and performance_schema are reserved for Managed Service for MySQL®. You cannot create DBs with these names.
Specify additional Managed Service for MySQL® cluster settings, if required:
```
yc managed-mysql cluster create \
  ...
  --backup-window-start <backup_start_time> \
  --backup-retain-period-days=<backup_retention_period> \
  --disk-encryption-key-id <KMS_key_ID> \
  --datalens-access=<allow_access_from_DataLens> \
  --websql-access=<allow_access_from_WebSQL> \
  --yandexquery-access=<allow_access_from_Yandex_Query> \
  --deletion-protection \
  --performance-diagnostics enabled=true,`
                           `sessions-sampling-interval=<session_sampling_interval>,`
                           `statements-sampling-interval=<statement_sampling_interval>
  --disk-size-autoscaling disk-size-limit=<max_storage_size_in_GB>,`
                         `planned-usage-threshold=<threshold_for_scheduled_increase_in_percent>,`
                         `emergency-usage-threshold=<threshold_for_immediate_increase_in_percent> \
  --maintenance-window type=<maintenance_type>,`
                      `day=<day_of_week>,`
                      `hour=<hour>
```
Where:
- --backup-window-start: Backup start time.
- --backup-retain-period-days: Automatic backup retention period, in days.
- --disk-encryption-key-id: Disk encryption using a custom KMS key.
  
  To learn more about disk encryption, see Storage.
- --datalens-access: Enables access to the cluster from Yandex DataLens. The default value is false. For more information about setting up a connection, see Connecting to a MySQL® cluster from DataLens.
- --websql-access: Enables SQL queries against cluster databases from the Yandex Cloud management console using Yandex WebSQL. The default value is false.
- --yandexquery-access: Enables YQL queries against cluster databases from Yandex Query. This feature is currently at the Preview stage. The default value is false.
- --deletion-protection: Cluster protection from accidental deletion, true or false.
  
  Even with cluster deletion protection enabled, one can still delete a user or database or connect manually and delete the database contents.
- --performance-diagnostics: Enables statistics collection for cluster performance diagnostics. For sessions-sampling-interval and statements-sampling-interval, the valid values range from 1 to 86400 seconds.
- --disk-size-autoscaling: Automatic storage size increase settings:
  - planned-usage-threshold: Storage utilization threshold to trigger a storage increase during the next maintenance window, in percent. This is an optional setting. The default setting is 0 (automatic increase disabled).
    
    The valid values range from 0 to 100.
  - emergency-usage-threshold: Storage utilization threshold to trigger a storage increase right away, in percent. This is an optional setting. The default setting is 0 (automatic increase disabled).
    
    The valid values range from 0 to 100.
  - disk-size-limit: Maximum object size after increase, in GB.
  Warning
  - Automatic increase of storage size is not supported on dedicated hosts.
  - When using planned-usage-threshold, make sure to specify the --maintenance-window setting.
  - If you specify both thresholds, emergency-usage-threshold must be greater than planned-usage-threshold.
- --maintenance-window: Maintenance window settings (including for disabled clusters), where type is the maintenance type:
  - anytime: At any time (default).
  - weekly: On a schedule. For this value, also specify the following:
    - day: Day of week, i.e., MON, TUE, WED, THU, FRI, SAT, or SUN.
    - hour: Hour of day (UTC), from 1 to 24.
Configure the DBMS, if required.

With Terraform, you can quickly create a cloud infrastructure in Yandex Cloud and manage it using configuration files. These files store the infrastructure description written in HashiCorp Configuration Language (HCL). If you change the configuration files, Terraform automatically detects which part of your configuration is already deployed, and what should be added or removed.

Terraform is distributed under the Business Source License. The Yandex Cloud provider for Terraform is distributed under the MPL-2.0 license.

For more information about the provider resources, see the relevant documentation on the Terraform website or its mirror.

If you do not have Terraform yet, install it and configure the Yandex Cloud provider.

To create a Managed Service for MySQL® cluster:

In the configuration file, describe the properties of resources you want to create:
- Database cluster: Description of the cluster and its hosts.
- Database: Cluster database description.
  
  The DB name may contain Latin letters, numbers, hyphens, and underscores. The name may be up to 63 characters long. Such names as mysql, sys, information_schema, and performance_schema are reserved for Managed Service for MySQL®. You cannot create DBs with these names.
- User: Cluster user description.
- Network: Description of the cloud network where a cluster will be located. If you already have a suitable network, you don't have to describe it again.
- Subnets: Description of the subnets to connect the cluster hosts to. If you already have suitable subnets, you don't have to describe them again.
Here is an example of the configuration file structure:
```
resource "yandex_mdb_mysql_cluster" "<cluster_name>" {
  name                = "<cluster_name>"
  environment         = "<environment>"
  network_id          = "<network_ID>"
  version             = "<MySQL®_version>"
  security_group_ids  = [ "<list_of_security_group_IDs>" ]
  deletion_protection = <protect_cluster_from_deletion>

  resources {
    resource_preset_id = "<host_class>"
    disk_type_id       = "<disk_type>"
    disk_size          = "<storage_size_in_GB>"
  }

  host {
    zone             = "<availability_zone>"
    subnet_id        = "<subnet_ID>"
    assign_public_ip = <allow_public_access_to_host>
    priority         = <priority_when_selecting_master_host>
    backup_priority  = <backup_priority>
  }
}

resource "yandex_mdb_mysql_database" "<DB_name>" {
  cluster_id = "<cluster_ID>"
  name       = "<DB_name>"
}

resource "yandex_mdb_mysql_user" "<username>" {
  cluster_id = "<cluster_ID>"
  name       = "<username>"
  password   = "<user_password>"
  permission {
    database_name = "<DB_name>"
    roles         = ["ALL"]
  }
}

resource "yandex_vpc_network" "<network_name>" { name = "<network_name>" }

resource "yandex_vpc_subnet" "<subnet_name>" {
  name           = "<subnet_name>"
  zone           = "<availability_zone>"
  network_id     = "<network_ID>"
  v4_cidr_blocks = ["<range>"]
}
```
Where:
- environment: Environment, PRESTABLE or PRODUCTION.
- version: MySQL® version, 5.7 or 8.0.
- deletion_protection: Cluster protection from accidental deletion, true or false.
  
  Even with cluster deletion protection enabled, one can still delete a user or database or connect manually and delete the database contents.
- assign_public_ip: Public access to the host, true or false.
- priority: Host priority when selecting a new master host, between 0 and 100.
- backup_priority: Backup priority, between 0 and 100.
- name and password: MySQL® username and password, respectively.
  
  The username may contain Latin letters, numbers, hyphens, and underscores, and must start with a letter, number, or underscore. It must be from 1 to 32 characters long.
  
  The password must be from 8 to 128 characters long.
  
  Note
  
  You can also generate a password using Connection Manager. To do this, specify generate_password = true rather than password = "<user_password>".
  
  To view the password, select your cluster in the management console, navigate to the Users tab, and click View password for the relevant user. This will open the page of the Yandex Lockbox secret containing the password. To view passwords, you need the lockbox.payloadViewer role.
- To configure automatic increase of storage size, add the disk_size_autoscaling section to the cluster description:
```
resource "yandex_mdb_mysql_cluster" "<cluster_name>" {
  ...
  disk_size_autoscaling {
    disk_size_limit           = <maximum_storage_size_in_GB>
    emergency_usage_threshold = <threshold_for_immediate_increase_in_percent>
    planned_usage_threshold   = <threshold_for_scheduled_increase_in_percent>
  }
  ...
}
```
  Where:
  - disk_size_limit: Maximum object size after increase, in gibibytes.
  - emergency_usage_threshold: Storage utilization threshold to trigger a storage increase right away, in percent. This is an optional setting. The default setting is 0 (automatic increase disabled).
    
    The valid values range from 0 to 100.
  - planned_usage_threshold: Storage utilization threshold to trigger a storage increase during the next maintenance window, in percent. This is an optional setting. The default setting is 0 (automatic increase disabled).
    
    The valid values range from 0 to 100.
  Warning
  - Automatic increase of storage size is not supported on dedicated hosts.
  - When using planned_usage_threshold, make sure to set the maintenance_window.
  - If you specify both thresholds, emergency_usage_threshold must be greater than planned_usage_threshold.
- To set up the maintenance window (for disabled clusters as well), add the maintenance_window block to the cluster description:
```
resource "yandex_mdb_mysql_cluster" "<cluster_name>" {
  ...
  maintenance_window {
    type = <maintenance_type>
    day  = <day_of_week>
    hour = <hour>
  }
  ...
}
```
  Where:
  - type: Maintenance type. The possible values include:
    - ANYTIME: Anytime
    - WEEKLY: On a schedule
  - day: Day of week for the WEEKLY type, i.e., MON, TUE, WED, THU, FRI, SAT, or SUN.
  - hour: UTC hour for the WEEKLY type, from 1 to 24.
- To encrypt the disk with a custom KMS key, add the disk_encryption_key_id parameter:
```
resource "yandex_mdb_mysql_cluster" "<cluster_name>" {
  ...
  disk_encryption_key_id = <KMS_key_ID>
  ...
}
```
  To learn more about disk encryption, see Storage.
- To enable access from DataLens and allow SQL queries from the management console using Yandex WebSQL, add a section named access to the cluster description:
```
resource "yandex_mdb_mysql_cluster" "<cluster_name>" {
  ...
  access {
    data_lens = <true_or_false>
    web_sql   = <true_or_false>
  }
  ...
}
```
- To set the backup start time, add the backup_window_start section to your Managed Service for MySQL® cluster description:
```
resource "yandex_mdb_mysql_cluster" "<cluster_name>" {
  ...
  backup_window_start {
    hours   = <hour>
    minutes = <minute>
  }
  ...
}
```
  Where:
  - hours: Backup start hour.
  - minutes: Backup start minute.
- To set the backup retention period, specify the backup_retain_period_days parameter in the Managed Service for MySQL® cluster description:
```
resource "yandex_mdb_mysql_cluster" "<cluster_name>" {
  ...
    backup_retain_period_days = <backup_retention_period>
    ...
}
```
  Where backup_retain_period_days is automatic backup retention period, in days.
  
  The valid values range from 7 to 60. The default value is 7.
- To enable statistics collection for cluster performance diagnostics, add a performance_diagnostics section to your Managed Service for MySQL® cluster description:
```
resource "yandex_mdb_mysql_cluster" "<cluster_name>" {
  ...
  performance_diagnostics {
    enabled = true
    sessions_sampling_interval = <session_sampling_interval>
    statements_sampling_interval = <statement_sampling_interval>
  }
  ...
}
```
  For sessions_sampling_interval and statements_sampling_interval, the valid values range from 1 to 86400 seconds.
For more information about the resources you can create with Terraform, see this provider article.
Make sure the configuration files are correct.
1. In the command line, go to the folder where you created the configuration file.
2. Run a check using this command:
```
terraform plan
```
If the configuration is described correctly, the terminal will display a list of created resources and their parameters. If the configuration contains any errors, Terraform will point them out. This is a test step; no resources will be created.
Create your Managed Service for MySQL® cluster.
1. If the configuration does not contain any errors, run this command:
```
terraform apply
```
2. Confirm that you want to create the resources.
After this, all required resources will be created in the specified folder and the IP addresses of the VMs will be displayed in the terminal. You can check the new resources and their configuration using the management console.
Time limits
A Terraform provider sets the timeout for Managed Service for MySQL® cluster operations:
- Creating a cluster, including by restoring one from a backup: 15 minutes.
- Editing a cluster, including the MySQL® version update: 60 minutes.
- Deleting a cluster: 15 minutes.
Operations exceeding the set timeout are interrupted.
How do I change these limits?
Add the timeouts block to the cluster description, for example:

resource "yandex_mdb_mysql_cluster" "<cluster_name>" { ... timeouts { create = "1h30m" # 1 hour 30 minutes update = "2h" # 2 hours delete = "30m" # 30 minutes } }

Get an IAM token for API authentication and set it as an environment variable:
```
export IAM_TOKEN="<IAM_token>"
```
Create a file named body.json and paste the following code into it:
```
{
    "folderId": "<folder_ID>",
    "name": "<cluster_name>",
    "environment": "<environment>",
    "networkId": "<network_ID>",
    "securityGroupIds": [
        "<security_group_1_ID>",
        "<security_group_2_ID>",
        ...
        "<security_group_N_ID>"
    ],
    "deletionProtection": <protect_cluster_from_deletion>,
    "configSpec": {
        "version": "<MySQL®_version>",
        "resources": {
            "resourcePresetId": "<host_class>",
            "diskSize": "<storage_size_in_bytes>",
            "diskTypeId": "<disk_type>"
        },
        "access": {
            "dataLens": <allow_access_from_DataLens>,
            "webSql": <allow_access_from_WebSQL>,
            "yandexQuery": <allow_access_from_Yandex_Query>
        },
        "performanceDiagnostics": {
            "enabled": <enable_statistics_collection>,
            "sessionsSamplingInterval": "<session_sampling_interval>",
            "statementsSamplingInterval": "<statement_sampling_interval>"
        },
        "diskSizeAutoscaling": {
            "plannedUsageThreshold": "<threshold_for_scheduled_increase_in_percent>",
            "emergencyUsageThreshold": "<threshold_for_immediate_increase_in_percent>",
            "diskSizeLimit": "<maximum_storage_size_in_bytes>"
        }
    },
    "databaseSpecs": [
        {
            "name": "<DB_name>"
        },
        { <similar_configuration_for_DB_2> },
        { ... },
        { <similar_configuration_for_DB_N> }
    ],
    "userSpecs": [
        {
            "name": "<username>",
            "password": "<user_password>",
            "permissions": [
                {
                    "databaseName": "<DB_name>",
                    "roles": [
                        "<privilege_1>", "<privilege_2>", ..., "<privilege_N>"
                    ]
                }
            ]
        },
        { <similar_settings_for_user_2> },
        { ... },
        { <similar_settings_for_user_N> }
    ],
    "hostSpecs": [
        {
            "zoneId": "<availability_zone>",
            "subnetId": "<subnet_ID>",
            "assignPublicIp": <allow_public_access_to_host>
        },
        { <similar_settings_for_host_2> },
        { ... },
        { <similar_settings_for_host_N> }
    ],
    "maintenanceWindow": {
        "weeklyMaintenanceWindow": {
            "day": "<day_of_week>",
            "hour": "<hour>"
        }
    }
}
```
Where:
- folderId: Folder ID. You can get it with the list of folders in the cloud.
- name: Cluster name.
- environment: Cluster environment, PRODUCTION or PRESTABLE.
- networkId: ID of the network where the cluster will be deployed.
- securityGroupIds: Security group IDs.
- deletionProtection: Cluster protection from accidental deletion, true or false.
  
  Even with cluster deletion protection enabled, one can still delete a user or database or connect manually and delete the database contents.
- configSpec: Cluster settings:
  - version: MySQL® version.
  - resources: Cluster resources:
    - resourcePresetId: Host class.
    - diskSize: Disk size, in bytes.
    - diskTypeId: Disk type.
  - access: Settings for cluster access from Yandex Cloud services:
    - dataLens: Access from Yandex DataLens. For more information about setting up a connection, see Connecting to a MySQL® cluster from DataLens.
    - webSql: SQL queries against cluster databases from the Yandex Cloud management console using Yandex WebSQL.
    - yandexQuery: YQL queries against cluster databases from Yandex Query. This feature is currently at the Preview.
    The possible setting values are true or false.
- performanceDiagnostics: Statistics collection settings:
  - enabled: Enables statistics collection, true or false.
  - sessionsSamplingInterval: Session sampling interval, from 1 to 86400 seconds.
  - statementsSamplingInterval: Statement sampling interval, from 1 to 86400 seconds.
- diskSizeAutoscaling: Automatic storage size increase settings:
  - plannedUsageThreshold: Storage utilization threshold to trigger a storage increase during the next maintenance window, in percent. This is an optional setting. The default setting is 0 (automatic increase disabled).
    
    The valid values range from 0 to 100.
  - emergencyUsageThreshold: Storage utilization threshold to trigger a storage increase right away, in percent. This is an optional setting. The default setting is 0 (automatic increase disabled).
    
    The valid values range from 0 to 100.
  - diskSizeLimit: Maximum object size after increase, in bytes.
  Warning
  - Automatic increase of storage size is not supported on dedicated hosts.
  - When using plannedUsageThreshold, make sure to specify the maintenanceWindow setting.
  - If you specify both thresholds, emergencyUsageThreshold must be greater than plannedUsageThreshold.
- databaseSpecs: Database settings as an array of elements, one per database. Each element contains the name parameter with the database name.
  
  The DB name may contain Latin letters, numbers, hyphens, and underscores. The name may be up to 63 characters long. Such names as mysql, sys, information_schema, and performance_schema are reserved for Managed Service for MySQL®. You cannot create DBs with these names.
- userSpecs: User settings as an array of elements, one per user. Each element has the following structure:
  - name: Username.
  - password: Password. The password must be from 8 to 128 characters long.
    
    You can also generate a password using Connection Manager. To do this, specify "generatePassword": true rather than "password": "<user_password>".
    
    To view the password, select your cluster in the management console, navigate to the Users tab, and click View password for the relevant user. This will open the page of the Yandex Lockbox secret containing the password. To view passwords, you need the lockbox.payloadViewer role.
  - permissions: User permission settings:
    - databaseName: Name of the database to which the user will have access.
    - roles: Array of user privileges, each provided as a separate string in the array. For the list of possible values, see User privileges in a cluster.
    For each database, add a separate element with permission settings to the permissions array.
- hostSpecs: Cluster host settings as an array of elements, one per host. Each element has the following structure:
  - zoneId: Availability zone.
  - subnetId: Subnet ID.
  - assignPublicIp: Permission to connect to the host from the internet, true or false.
- maintenanceWindow: Maintenance window settings (including for disabled clusters). Provide one of these parameters:
  - anytime (default): Maintenance can take place at any time.
  - weeklyMaintenanceWindow: Scheduled maintenance:
    - day: Day of week, in DDD format. Valid values: MON, TUE, WED, THU, FRI, SAT, SUN.
    - hour: Time of day (UTC) in HH format. The valid values range from 1 to 24.

Call the Cluster.create method, e.g., via the following cURL request:

curl \
    --request POST \
    --header "Authorization: Bearer $IAM_TOKEN" \
    --header "Content-Type: application/json" \
    --url 'https://mdb.api.cloud.yandex.net/managed-mysql/v1/clusters' \
    --data "@body.json"

Check the server response to make sure your request was successful.

Get an IAM token for API authentication and save it as an environment variable:
```
export IAM_TOKEN="<IAM_token>"
```
Clone the cloudapi repository:
```
cd ~/ && git clone --depth=1 https://github.com/yandex-cloud/cloudapi
```
Below, we assume the repository contents are stored in the ~/cloudapi/ directory.
Create a file named body.json and paste the following code into it:
```
{
    "folder_id": "<folder_ID>",
    "name": "<cluster_name>",
    "environment": "<environment>",
    "network_id": "<network_ID>",
    "security_group_ids": [
        "<security_group_1_ID>",
        "<security_group_2_ID>",
        ...
        "<security_group_N_ID>"
    ],
    "deletion_protection": <protect_cluster_from_deletion>,
    "config_spec": {
        "version": "<MySQL®_version>",
        "resources": {
            "resource_preset_id": "<host_class>",
            "disk_size": "<storage_size_in_bytes>",
            "disk_type_id": "<disk_type>"
        },
        "access": {
            "data_lens": <allow_access_from_DataLens>,
            "web_sql": <allow_access_from_WebSQL>,
            "yandex_query": <allow_access_from_Yandex_Query>
        },
        "performance_diagnostics": {
            "enabled": <enable_statistics_collection>,
            "sessions_sampling_interval": "<session_sampling_interval>",
            "statements_sampling_interval": "<statement_sampling_interval>"
        },
        "disk_size_autoscaling": {
            "planned_usage_threshold": "<threshold_for_scheduled_increase_in_percent>",
            "emergency_usage_threshold": "<threshold_for_immediate_increase_in_percent>",
            "disk_size_limit": "<maximum_storage_size_in_bytes>"
        }
    },
    "database_specs": [
          {
              "name": "<DB_name>"
          },
          { <similar_configuration_for_DB_2> },
          { ... },
          { <similar_configuration_for_DB_N> }
      ],
    "user_specs": [
        {
            "name": "<username>",
            "password": "<user_password>",
            "permissions": [
                {
                    "database_name": "<DB_name>",
                    "roles": [
                        "<privilege_1>", "<privilege_2>", ..., "<privilege_N>"
                    ]
                }
            ]
        }
    ],
    "host_specs": [
        {
            "zone_id": "<availability_zone>",
            "subnet_id": "<subnet_ID>",
            "assign_public_ip": <allow_public_access_to_host>
        }
    ],
    "maintenance_window": {
      "weekly_maintenance_window": {
        "day": "<day_of_week>",
        "hour": "<hour>"
      }
    }
}
```
Where:
- folder_id: Folder ID. You can request it with the list of folders in the cloud.
- name: Cluster name.
- environment: Cluster environment, PRODUCTION or PRESTABLE.
- network_id: ID of the network where the cluster will be deployed.
- security_group_ids: Security group IDs.
- deletion_protection: Cluster protection from accidental deletion, true or false.
  
  Even with cluster deletion protection enabled, one can still delete a user or database or connect manually and delete the database contents.
- config_spec: Cluster settings:
  - version: MySQL® version.
  - resources: Cluster resources:
    - resource_preset_id: Host class.
    - disk_size: Disk size, in bytes.
    - disk_type_id: Disk type.
  - access: Settings for cluster access from Yandex Cloud services:
    - data_lens: Access from Yandex DataLens. For more information about setting up a connection, see Connecting to a MySQL® cluster from DataLens.
    - web_sql: SQL queries against cluster databases from the Yandex Cloud management console using Yandex WebSQL.
    - yandex_query: YQL queries against cluster databases from Yandex Query. This feature is currently at the Preview.
    The possible setting values are true or false.
- performance_diagnostics: Statistics collection settings:
  - enabled: Enables statistics collection, true or false.
  - sessions_sampling_interval: Session sampling interval, from 1 to 86400 seconds.
  - statements_sampling_interval: Statement sampling interval, from 60 to 86400 seconds.
- disk_size_autoscaling: Automatic storage size increase settings:
  - planned_usage_threshold: Storage utilization threshold to trigger a storage increase during the next maintenance window, in percent. This is an optional setting. The default setting is 0 (automatic increase disabled).
    
    The valid values range from 0 to 100.
  - emergency_usage_threshold: Storage utilization threshold to trigger a storage increase right away, in percent. This is an optional setting. The default setting is 0 (automatic increase disabled).
    
    The valid values range from 0 to 100.
  - disk_size_limit: Maximum object size after increase, in bytes.
  Warning
  - Automatic increase of storage size is not supported on dedicated hosts.
  - When using planned_usage_threshold, make sure to specify the maintenance_window setting.
  - If you specify both thresholds, emergency_usage_threshold must be greater than planned_usage_threshold.
- database_specs: Database settings as an array of elements, one per database. Each element contains the name parameter with the database name.
- user_specs: User settings as an array of elements, one per user. Each element has the following structure:
  - name: Username.
  - password: Password. The password must be from 8 to 128 characters long.
    
    You can also generate a password using Connection Manager. To do this, specify "generate_password": true rather than "password": "<user_password>".
    
    To view the password, select your cluster in the management console, navigate to the Users tab, and click View password for the relevant user. This will open the page of the Yandex Lockbox secret containing the password. To view passwords, you need the lockbox.payloadViewer role.
  - permissions: User permission settings:
    - database_name: Name of the database to which the user will have access.
    - roles: Array of user privileges, each provided as a separate string in the array. For the list of possible values, see User privileges in a cluster.
    For each database, add a separate element with permission settings to the permissions array.
- host_specs: Cluster host settings as an array of elements, one for each host. Each element has the following structure:
  - zone_id: Availability zone.
  - subnet_id: Subnet ID.
  - assign_public_ip: Permission to connect to the host from the internet, true or false.
- maintenance_window: Maintenance window settings (including for disabled clusters). Provide one of these parameters:
  - anytime (default): Maintenance can take place at any time.
  - weekly_maintenance_window: Scheduled maintenance:
    - day: Day of week, in DDD format. Valid values: MON, TUE, WED, THU, FRI, SAT, SUN.
    - hour: Time of day (UTC) in HH format. The valid values range from 1 to 24.

Use the ClusterService/Create call and send the following request, e.g., via gRPCurl:

grpcurl \
    -format json \
    -import-path ~/cloudapi/ \
    -import-path ~/cloudapi/third_party/googleapis/ \
    -proto ~/cloudapi/yandex/cloud/mdb/mysql/v1/cluster_service.proto \
    -rpc-header "Authorization: Bearer $IAM_TOKEN" \
    -d @ \
    mdb.api.cloud.yandex.net:443 \
    yandex.cloud.mdb.mysql.v1.ClusterService.Create \
    < body.json

Check the server response to make sure your request was successful.

Warning

If you specified security group IDs when creating a Managed Service for MySQL® cluster, you may also need to configure security groups to connect to the cluster.

Creating a cluster copy

You can create a MySQL® cluster with the settings of another one created earlier. To do this, import the source MySQL® cluster configuration to Terraform. This way, you can either create an identical copy or use the configuration you imported as the baseline and modify it as needed. Importing a configuration is a good idea when a source MySQL® cluster has a lot of settings and you need to create a similar one.

To create a MySQL® cluster copy:

Terraform

If you do not have Terraform yet, install it.
Get the authentication credentials. You can add them to environment variables or specify them later in the provider configuration file.
Configure and initialize a provider. There is no need to create a provider configuration file manually, you can download it.
Place the configuration file in a separate working directory and specify the parameter values. If you did not add the authentication credentials to environment variables, specify them in the configuration file.
In the same working directory, place a .tf file with the following contents:
```
resource "yandex_mdb_mysql_cluster" "old" { }
```
Save the ID of the source MySQL® cluster to an environment variable:
```
export MYSQL_CLUSTER_ID=<cluster_ID>
```
You can get the ID with the list of clusters in the folder.
Import the source MySQL® cluster settings into the Terraform configuration:
```
terraform import yandex_mdb_mysql_cluster.old ${MYSQL_CLUSTER_ID}
```
Get the imported configuration:
```
terraform show
```
Copy it from the terminal and paste it into the .tf file.
Place the file in the new imported-cluster directory.
Edit the copied configuration so that you can create a new cluster from it:
- Specify a name for the new cluster in the resource string and the name parameter.
- Delete the created_at, health, id, and status parameters.
- In the host sections, delete fqdn.
- If type = "ANYTIME" appears in the maintenance_window section, delete the hour parameter.
- Optionally, make further changes if you need a customized configuration.
Get the authentication credentials in the imported-cluster directory.
In the same directory, configure and initialize the provider. To avoid creating a configuration file with the provider settings manually, download it.
Place the configuration file in the imported-cluster directory and specify the parameter values. If you did not add the authentication credentials to environment variables, specify them in the configuration file.
Validate your Terraform configuration files:
```
terraform validate
```
Terraform will show any errors found in your configuration files.
Create the required infrastructure:
1. Run this command to view the planned changes:
```
terraform plan
```
  If you described the configuration correctly, the terminal will display a list of the resources to update and their parameters. This is a verification step that does not apply changes to your resources.
2. If everything looks correct, apply the changes:
  1. Run this command:
```
terraform apply
```
  2. Confirm updating the resources.
  3. Wait for the operation to complete.
All the required resources will be created in the specified folder. You can check resource availability and their settings in the management console.

Time limits

A Terraform provider sets the timeout for Managed Service for MySQL® cluster operations:

Creating a cluster, including by restoring one from a backup: 15 minutes.
Editing a cluster, including the MySQL® version update: 60 minutes.
Deleting a cluster: 15 minutes.

Operations exceeding the set timeout are interrupted.

How do I change these limits?

Add the timeouts block to the cluster description, for example:

resource "yandex_mdb_mysql_cluster" "<cluster_name>" {
  ...
  timeouts {
    create = "1h30m" # 1 hour 30 minutes
    update = "2h"    # 2 hours
    delete = "30m"   # 30 minutes
  }
}

Examples

Creating a single-host cluster

CLI

Terraform

To create a Managed Service for MySQL® cluster with a single host, provide a single --host parameter.

Create a Managed Service for MySQL® cluster with the following test specifications:

Name: my-mysql.
Version: 8.0.
Environment: production.
Network: default.
Security group ID: enp6saqnq4ie244g67sb.
One s2.micro host in the b0rcctk2rvtr8efcch64 subnet and ru-central1-a availability zone.
Network SSD storage (network-ssd): 20 GB.
User: user1, password: user1user1.
Database: db1, where user1 has full privileges (same as GRANT ALL PRIVILEGES on db1.*).
Deletion protection: Enabled.

Run this command to create your Managed Service for MySQL® cluster:

yc managed-mysql cluster create \
  --name="my-mysql" \
  --mysql-version 8.0 \
  --environment=production \
  --network-name=default \
  --security-group-ids enp6saqnq4ie244g67sb \
  --host zone-id=ru-central1-a,subnet-id=b0rcctk2rvtr8efcch64 \
  --resource-preset s2.micro \
  --disk-type network-ssd \
  --disk-size 20 \
  --user name=user1,password="user1user1" \
  --database name=db1 \
  --deletion-protection

Run this command to change the user1 permissions:

yc managed-mysql user grant-permission user1 \
  --cluster-name="my-mysql" \
  --database=db1 \
  --permissions ALL

Create a Managed Service for MySQL® cluster and a network for it with the following test specifications:

Name: my-mysql.
Version: 8.0.
Environment: PRESTABLE.
Cloud ID: b1gq90dgh25bebiu75o.
Folder ID: b1gia87mbaomkfvsleds.
Network: mynet (new one).
Host class: s2.micro (one host), subnet: mysubnet, availability zone: ru-central1-a. mysubnet CIDR range: 10.5.0.0/24.
Security group: mysql-sg (new one), allowing internet access to the Managed Service for MySQL® cluster on port 3306.
Network SSD storage (network-ssd): 20 GB.
User: user1, password: user1user1.
Database: db1, where user1 has full privileges (same as GRANT ALL PRIVILEGES on db1.*).
Deletion protection: Enabled.

The configuration file for this Managed Service for MySQL® cluster looks like this:

resource "yandex_mdb_mysql_cluster" "my-mysql" {
  name                = "my-mysql"
  environment         = "PRESTABLE"
  network_id          = yandex_vpc_network.mynet.id
  version             = "8.0"
  security_group_ids  = [ yandex_vpc_security_group.mysql-sg.id ]
  deletion_protection = true

  resources {
    resource_preset_id = "s2.micro"
    disk_type_id       = "network-ssd"
    disk_size          = 20
  }

  host {
    zone      = "ru-central1-a"
    subnet_id = yandex_vpc_subnet.mysubnet.id
  }
}

resource "yandex_mdb_mysql_database" "db1" {
  cluster_id = yandex_mdb_mysql_cluster.my-mysql.id
  name       = "db1"
}

resource "yandex_mdb_mysql_user" "user1" {
  cluster_id = yandex_mdb_mysql_cluster.my-mysql.id
  name       = "user1"
  password   = "user1user1"
  permission {
    database_name = yandex_mdb_mysql_database.db1.name
    roles         = ["ALL"]
  }
}

resource "yandex_vpc_network" "mynet" {
  name = "mynet"
}

resource "yandex_vpc_security_group" "mysql-sg" {
  name       = "mysql-sg"
  network_id = yandex_vpc_network.mynet.id

  ingress {
    description    = "MySQL®"
    port           = 3306
    protocol       = "TCP"
    v4_cidr_blocks = [ "0.0.0.0/0" ]
  }
}

resource "yandex_vpc_subnet" "mysubnet" {
  name           = "mysubnet"
  zone           = "ru-central1-a"
  network_id     = yandex_vpc_network.mynet.id
  v4_cidr_blocks = ["10.5.0.0/24"]
}

Creating a multi-host cluster

CLI

Terraform

To create a multi-host Managed Service for MySQL® cluster, provide the --host parameter for each host in your cluster.

Create a Managed Service for MySQL® cluster with the following test specifications:

Name: my-mysql-3.
Version: 8.0.
Environment: prestable.
Network: default.
Security group ID: enp6saqnq4ie244g67sb.
s2.micro public hosts: 3.

One host will be added to each subnet of the default network:
- subnet-a: 10.5.0.0/24, availability zone: ru-central1-a.
- subnet-b: 10.6.0.0/24, availability zone: ru-central1-b.
- subnet-d: 10.7.0.0/24, availability zone: ru-central1-d.
The host residing in subnet-b will have the backup priority. If this host is not acting as the master, backups will be created from its data.
Network SSD storage (network-ssd): 32 GB.
User: user1, password: user1user1.
Database: db1, where user1 has full privileges (same as GRANT ALL PRIVILEGES on db1.*).

Run this command to create your Managed Service for MySQL® cluster:

yc managed-mysql cluster create \
  --name="my-mysql-3" \
  --mysql-version 8.0 \
  --environment=prestable \
  --network-name=default \
  --security-group-ids enp6saqnq4ie244g67sb \
  --host zone-id=ru-central1-a,`
         `subnet-name=subnet-a,`
         `assign-public-ip=true \
  --host zone-id=ru-central1-b,`
         `subnet-name=subnet-b,`
         `backup-priority=10,`
         `assign-public-ip=true \
  --host zone-id=ru-central1-d,`
         `subnet-name=subnet-d,`
         `assign-public-ip=true \
  --resource-preset s2.micro \
  --disk-type network-ssd \
  --disk-size 32 \
  --user name=user1,password="user1user1" \
  --database name=db1

Run this command to change the user1 permissions:

yc managed-mysql user grant-permission user1 \
  --cluster-name="my-mysql-3" \
  --database=db1 \
  --permissions ALL

Create a Managed Service for MySQL® cluster and a network for it with the following test specifications:

Name: my-mysql-3.
Version: 8.0.
Environment: PRESTABLE.
Cloud ID: b1gq90dgh25bebiu75o.
Folder ID: b1gia87mbaomkfvsleds.
New network: mynet.
s2.micro public hosts: 3.

One host will be added to each new subnet:
- mysubnet-a: 10.5.0.0/24, availability zone: ru-central1-a.
- mysubnet-b: 10.6.0.0/24, availability zone: ru-central1-b.
- mysubnet-d: 10.7.0.0/24, availability zone: ru-central1-d.
These subnets will belong to the mynet network.

The host residing in mysubnet-b will have the backup priority. If this host is not acting as the master, backups will be created from its data.
New security group: mysql-sg, allowing connections to Managed Service for MySQL® clusters from the Internet through port 3306.
Network SSD storage (network-ssd): 32 GB.
User: user1, password: user1user1.
Database: db1, where user1 has full privileges (same as GRANT ALL PRIVILEGES on db1.*).

The configuration file for this Managed Service for MySQL® cluster looks like this:

resource "yandex_mdb_mysql_cluster" "my-mysql-3" {
  name                = "my-mysql-3"
  environment         = "PRESTABLE"
  network_id          = yandex_vpc_network.mynet.id
  version             = "8.0"
  security_group_ids  = [ yandex_vpc_security_group.mysql-sg.id ]

  resources {
    resource_preset_id = "s2.micro"
    disk_type_id       = "network-ssd"
    disk_size          = 32
  }

  host {
    zone             = "ru-central1-a"
    subnet_id        = yandex_vpc_subnet.mysubnet-a.id
    assign_public_ip = true
  }

  host {
    zone             = "ru-central1-b"
    subnet_id        = yandex_vpc_subnet.mysubnet-b.id
    assign_public_ip = true
    backup_priority  = 10
  }

  host {
    zone             = "ru-central1-d"
    subnet_id        = yandex_vpc_subnet.mysubnet-d.id
    assign_public_ip = true
  }
}

resource "yandex_mdb_mysql_database" "db1" {
  cluster_id = yandex_mdb_mysql_cluster.my-mysql-3.id
  name       = "db1"
}

resource "yandex_mdb_mysql_user" "user1" {
  cluster_id = yandex_mdb_mysql_cluster.my-mysql-3.id
  name       = "user1"
  password   = "user1user1"
  permission {
    database_name = yandex_mdb_mysql_database.db1.name
    roles         = ["ALL"]
  }
}

resource "yandex_vpc_network" "mynet" {
  name = "mynet"
}

resource "yandex_vpc_security_group" "mysql-sg" {
  name       = "mysql-sg"
  network_id = yandex_vpc_network.mynet.id

  ingress {
    description    = "MySQL®"
    port           = 3306
    protocol       = "TCP"
    v4_cidr_blocks = [ "0.0.0.0/0" ]
  }
}

resource "yandex_vpc_subnet" "mysubnet-a" {
  name             = "mysubnet-a"
  zone             = "ru-central1-a"
  network_id       = yandex_vpc_network.mynet.id
  v4_cidr_blocks   = ["10.5.0.0/24"]
}

resource "yandex_vpc_subnet" "mysubnet-b" {
  name             = "mysubnet-b"
  zone             = "ru-central1-b"
  network_id       = yandex_vpc_network.mynet.id
  v4_cidr_blocks   = ["10.6.0.0/24"]
}

resource "yandex_vpc_subnet" "mysubnet-d" {
  name             = "mysubnet-d"
  zone             = "ru-central1-d"
  network_id       = yandex_vpc_network.mynet.id
  v4_cidr_blocks   = ["10.7.0.0/24"]
}

Creating a MySQL® cluster

Creating a clusterCreating a cluster

Creating a cluster copyCreating a cluster copy

ExamplesExamples

Creating a single-host clusterCreating a single-host cluster

Creating a multi-host clusterCreating a multi-host cluster

Was the article helpful?

Creating a cluster

Creating a cluster copy

Examples

Creating a single-host cluster

Creating a multi-host cluster