© 2025 Direct Cursus Technology L.L.C.

Creating a PostgreSQL cluster

Written by Yandex Cloud. Improved by amatol. Updated at December 5, 2025.

A PostgreSQL cluster is one or more database hosts between which you can configure replication. Replication is enabled by default in any cluster consisting of more than one host: the master host accepts write requests and duplicates changes on replicas. A transaction is committed once the data is written to disk on both the master host and on a sufficient number of replicas to form a quorum.

Note

  • The number of hosts you can create together with a PostgreSQL cluster depends on the selected disk type and host class.
  • The available disk types depend on the selected host class.
  • If the database storage reaches 97% capacity, the cluster will switch to read-only mode. Plan and increase your storage size beforehand, or set up an automatic storage expansion.

By default, Managed Service for PostgreSQL sets the maximum possible number of connections for each host in the PostgreSQL cluster. This maximum cannot exceed the value of the Max connections setting.

Warning

Managed Service for PostgreSQL reserves 15 connections for service users per PostgreSQL host. For example, if the cluster has Max connections 100, you can reserve a maximum of 85 connections for cluster users.

Creating a cluster

To create a Managed Service for PostgreSQL cluster, you need the vpc.user and managed-postgresql.editor roles or higher. For more information on assigning roles, see the Identity and Access Management guides.

Cluster DB connections are managed by Connection Manager. Creating a cluster automatically creates:

  • Connection Manager connection with information about the database connection.

  • Yandex Lockbox secret that stores the DB owner's user password. Storing passwords in Yandex Lockbox ensures their security.

The connection and secret will be created for each new database user. To view all connections, select the Connections tab on the cluster page.

You need the connection-manager.viewer role to view connection info. You can use Connection Manager to configure access to connections.

You can use Connection Manager and secrets you create there free of charge.

Management console

To create a Managed Service for PostgreSQL cluster:

  1. In the management console, select the folder where you want to create your database cluster.

  2. Go to Managed Service for PostgreSQL.

  3. Click Create cluster.

  4. Specify the cluster name in the Cluster name field. The cluster name must be unique within the folder.

  5. Select the environment where you want to create your cluster (you cannot change the environment once the cluster is created):

    • PRODUCTION: For stable versions of your applications.
    • PRESTABLE: For testing purposes. The prestable environment is similar to the production environment and likewise covered by an SLA, but it is the first to get new features, improvements, and bug fixes. In the prestable environment, you can test new versions for compatibility with your application.
  6. Select the DBMS version.

  7. Select the host class, which will determine the technical specifications of the VMs for deploying your database hosts. All available options are listed under Host classes. Changing the cluster’s host class updates the specifications for all of its existing hosts.

  8. Under Storage size:

    • Select the disk type.

      The selected type determines the increments in which you can change your disk size:

      • Network HDD and SSD storage: In increments of 1 GB.
      • Local SSD storage:
        • For Intel Broadwell and Intel Cascade Lake: In increments of 100 GB.
        • For Intel Ice Lake: In increments of 368 GB.
      • Non-replicated SSDs and ultra high-speed network SSDs with three replicas: In increments of 93 GB.
    • Select the storage capacity for your data and backups. For more information on how backups occupy storage space, see Backups.

    • Optionally, select Encrypted disk to encrypt the disk with a custom KMS key.

      • To create a new key, click Create.

      • To use the key you created earlier, select it in the KMS key field.

      To learn more about disk encryption, see Storage.

  9. Optionally, under Automatic increase of storage size, specify the following settings:

    • In the Increase size field, specify the conditions for the actions below:

      • Storage size increase during the next maintenance window once the fill level exceeds the specified percentage.
      • Storage size increase immediately once the fill level exceeds the specified percentage.

      You can set both thresholds, provided that the threshold for immediate scaling is higher than that for scaling during the maintenance window.

      For more information on storage scaling rules, see this section.

    • In the Maximum storage size field, specify the maximum storage size that can be set during automatic scaling.

    If the specified threshold is reached, the storage size increases differently depending on disk type:

    • For network HDDs and SSDs, by the higher of the two values: 20 GB or 20% of the current disk size.

    • For non-replicated SSDs and ultra high-speed network SSDs with three replicas, by 93 GB.

    • For local SSDs:

      • In an Intel Broadwell or Intel Cascade Lake cluster, by 100 GB.
      • In an Intel Ice Lake cluster, by 368 GB.

    If the threshold is reached again, the storage size will be automatically increased until it reaches the specified maximum. After that, you can specify a new maximum storage size manually.

    Warning

    • You cannot decrease the storage size.
    • While resizing the storage, cluster hosts will be unavailable.

    Note

    Some PostgreSQL settings depend on the storage size.

    If you have configured storage scaling during a maintenance window, set the maintenance schedule.

  10. Under Database, specify the database details:

    • Database name. The name must be unique within the folder.

      The database name may contain Latin letters, numbers, underscores, and hyphens. The name may be up to 63 characters long. The names postgres, template0, and template1 are reserved for Managed Service for PostgreSQL. You cannot create databases with these names.

    • Database owner username. By default, the system allocates 50 connections per cluster host to a new user. You can change the maximum number of connections using the Conn limit setting.

      The username may contain Latin letters, numbers, hyphens, and underscores but must begin with a letter (except the pg_ combination), number, or underscore. The name may be up to 63 characters long.

      Such names as admin, repl, monitor, postgres, mdb_superuser, mdb_admin, mdb_monitor, and mdb_replication are reserved for Managed Service for PostgreSQL. You cannot create users with these names.

    • Password:

      • Enter manually: Select this option to set your own password. It must be from 8 to 128 characters long.

      • Generate: Select this option to generate a password using Connection Manager.

      To view the password after creating a cluster, select the Users tab and click View password for the relevant user. This will open the page of the Yandex Lockbox secret containing the password. To view passwords, you need the lockbox.payloadViewer role.

    • Collation locale and character set locale. These settings define the rules for sorting strings (LC_COLLATE) and classifying characters (LC_CTYPE). In Managed Service for PostgreSQL, locale settings apply at the level of an individual database.

      PostgreSQL uses locales to support various language standards. The locale you choose affects:

      • Sort order in the queries that use the ORDER BY operator or standard text data matching operators.
      • The functions upper, lower, initcap, and the to_char family of functions.
      • Pattern matching operators (LIKE, ILIKE, SIMILAR TO, regular expressions).
      • Support of indexes with the LIKE operator.

      By default, the C locale is used. If you use the C encoding for text data containing non-Latin (for example, Cyrillic) characters, errors might occur in the data sort order and data display in the case of pattern search. If this locale is not suitable for valid processing of tables in your database, select another encoding from the list. However, please keep in mind that a non-standard locale might decrease the database query processing rate.

      For more information about locale settings, see the PostgreSQL documentation.

      You cannot change locale settings after you create a database. However, you can set the sorting locale for columns when creating and modifying individual tables. Learn more in the PostgreSQL documentation.

  11. Under Network settings, select:

    • Cloud network for cluster deployment. If there are no networks in the list, click Create network to create one:

      1. In the window that opens, specify the network name and select the folder where it will be created.
      2. Optionally, check Create subnets to automatically create subnets in all availability zones.
      3. Click Create network.

      Warning

      The cloud network selected for cluster deployment can't be changed. If you need to move your cluster to a different cloud network later, use the restore from a backup feature and specify the desired network for the cluster backup.

    • Security groups for the cluster network traffic. You may need to additionally set up security groups to be able to connect to the cluster.

  12. Under Hosts, configure the settings for the cluster’s database hosts. By default, each host is created in a separate subnet. To select a specific subnet for a host, click next to it.

    The minimum number of hosts per cluster depends on the selected disk type. The default cluster configuration offered in the management console includes:

    • Two hosts if the selected disk type is network-ssd, network-hdd, or network-ssd-io-m3.
    • Three hosts if the selected disk type is local-ssd or network-ssd-nonreplicated.

    Warning

    We do not recommend creating a single-host cluster. While being cheaper, it will not ensure high availability.

    After creating a Managed Service for PostgreSQL cluster, you can add more hosts to it if your folder resource quotas allow.

    To enable internet access to the hosts, check Public access.

  13. Specify additional cluster settings, if required:

    • Backup start time (UTC): Time interval during which the cluster backup starts. Time is specified in 24-hour UTC format. The default time is 22:00 - 23:00 UTC.

    • Retention period for automatic backups, days: Retention period for automatic backups. Backups are automatically deleted once their retention period expires. The default is 7 days. For more information, see Backups.

      Changing the retention period affects both new and existing automatic backups. For example, the initial retention period was 7 days. A specific automatic backup has 1 day of remaining lifetime. If you increase the retention period to 9 days, that backup’s remaining lifetime becomes 3 days.

      Automatic cluster backups are stored for a specified number of days, while manually created ones are stored indefinitely. After a cluster is deleted, all its backups are retained for 7 days.

    • Maintenance window: Maintenance window settings:

      • To enable maintenance at any time, select arbitrary (default).
      • To specify the preferred maintenance start time, select by schedule and specify the desired day of the week and UTC hour. For example, you can choose a time when the cluster is least loaded.

      Maintenance operations are carried out both on enabled and disabled clusters. They may include updating the DBMS, applying patches, and so on.

    • DataLens access: Enables you to analyze cluster data in Yandex DataLens.

    • WebSQL access: Enables you to run SQL queries against cluster databases from the Yandex Cloud management console using Yandex WebSQL.

    • Yandex Query access: Enables you to run YQL queries against cluster databases from Yandex Query.

    • Serverless access: Enables cluster access from Yandex Cloud Functions. For more details on configuring access, see this Cloud Functions article.

    • Statistics sampling: Enables you to use the Performance diagnostics tool in a cluster. When enabling this option, also configure Sessions sampling interval and Statements sampling interval using the sliders. Both settings are measured in seconds.

    • Autofailover: If this option is enabled, the system will automatically update the replication source for all replica hosts to point to the new master host when the master changes. To learn more, see Replication.

      If the master host is deleted, a new master will be elected automatically, regardless of this setting.

      Alert

      If the Autofailover option is disabled, you must manually initiate an election for a new master or assign this role to a replica if the master host fails.

    • Pooling mode: Select one of the connection pooler modes.

    • Deletion protection: Deletion protection for the cluster, its databases, and users.

      By default, when users and databases are created, this setting’s value is inherited from the cluster. You can also specify this setting manually. See User management and Database management for details.

      If the setting is changed on a running cluster, the new value will only be inherited by users and databases with the Same as cluster protection level.

      Even with deletion protection enabled, one can still connect to the cluster manually and delete the data.

  14. If needed, configure cluster-level DBMS settings.

    Note

    Some PostgreSQL settings depend on the selected host class or storage size.

  15. Click Create cluster.

CLI

If you do not have the Yandex Cloud CLI installed yet, install and initialize it.

By default, the CLI uses the folder specified when creating the profile. To change the default folder, use the yc config set folder-id <folder_ID> command. You can also set a different folder for any specific command using the --folder-name or --folder-id parameter.

To create a Managed Service for PostgreSQL cluster:

  1. Check whether your folder has subnets for the cluster hosts:

    yc vpc subnet list
    

    If your folder has no subnets, create them in Yandex Virtual Private Cloud.

  2. View the description of the CLI command for creating a cluster:

    yc managed-postgresql cluster create --help
    
  3. Specify the cluster properties in this command (the example does not show all that are available):

    yc managed-postgresql cluster create \
      --name <cluster_name> \
      --environment <environment> \
      --network-name <network_name> \
      --host zone-id=<availability_zone>,`
               `subnet-id=<subnet_ID>,`
               `assign-public-ip=<allow_public_access_to_host> \
      --resource-preset <host_class> \
      --user name=<username>,password=<user_password> \
      --database name=<DB_name>,owner=<DB_owner_name> \
      --disk-size <storage_size_in_GB> \
      --disk-type <network-hdd|network-ssd|network-ssd-nonreplicated|local-ssd> \
      --security-group-ids <list_of_security_group_IDs> \
      --connection-pooling-mode=<connection_pooler_mode> \
      --deletion-protection
    

    Where:

    • environment: Environment, prestable or production.

    • disk-type: Disk type.

    • assign-public-ip: Allow access to the host from the internet, true or false.

    • deletion-protection: Deletion protection for the cluster, its databases, and users.

      By default, when users and databases are created, this setting’s value is inherited from the cluster. You can also specify this setting manually. See User management and Database management for details.

      If the setting is changed on a running cluster, the new value will only be inherited by users and databases with the Same as cluster protection level.

      Even with deletion protection enabled, one can still connect to the cluster manually and delete the data.

    You need to specify the subnet-id if the selected availability zone has two or more subnets.

    Warning

    The cloud network selected for cluster deployment can't be changed. If you need to move your cluster to a different cloud network later, use the restore from a backup feature and specify the desired network for the cluster backup.

    The database name may contain Latin letters, numbers, underscores, and hyphens. The name may be up to 63 characters long. The names postgres, template0, and template1 are reserved for Managed Service for PostgreSQL. You cannot create databases with these names.

    The password must be from 8 to 128 characters long.

    Note

    You can also generate a password using Connection Manager. To do this, edit the command, specifying user properties as follows:

      --user name=<username>,generate-password=true
    

    To view the password, select your cluster in the management console, navigate to the Users tab, and click View password for the relevant user. This will open the page of the Yandex Lockbox secret containing the password. To view passwords, you need the lockbox.payloadViewer role.

    The available connection pooler modes include SESSION, TRANSACTION, and STATEMENT.

    You can also specify the --host replication-source option to manually manage replication threads.

    To encrypt the disk with a custom KMS key, provide --disk-encryption-key-id <KMS_key_ID>. To learn more about disk encryption, see Storage.

    To allow access to the cluster from Yandex Cloud Functions, provide the --serverless-access argument. For details on setting up access, see this Cloud Functions guide.

    To allow access to the cluster from Yandex Query, provide the --yandexquery-access=true argument. This feature is in the Preview stage and can be enabled upon request.

    Note

    The default maintenance mode for new clusters is anytime. You can set a specific maintenance period when updating the cluster settings.

Terraform

With Terraform, you can quickly create a cloud infrastructure in Yandex Cloud and manage it using configuration files. These files store the infrastructure description written in HashiCorp Configuration Language (HCL). If you change the configuration files, Terraform automatically detects which part of your configuration is already deployed, and what should be added or removed.

Terraform is distributed under the Business Source License. The Yandex Cloud provider for Terraform is distributed under the MPL-2.0 license.

For more information about the provider resources, see the relevant documentation on the Terraform website or its mirror.

If you do not have Terraform yet, install it and configure the Yandex Cloud provider.

To create a Managed Service for PostgreSQL cluster:

  1. In the configuration file, describe the properties of resources you want to create:

    • Database cluster: Description of the cluster and its hosts.

    • Database: Cluster database description.

    • User: Cluster user description.

    • Network: Description of the cloud network where a cluster will be located. If you already have a suitable network, you don't have to describe it again.

    • Subnets: Description of the subnets to connect the cluster hosts to. If you already have suitable subnets, you don't have to describe them again.

    Warning

    The cloud network selected for cluster deployment can't be changed. If you need to move your cluster to a different cloud network later, use the restore from a backup feature and specify the desired network for the cluster backup.

    Here is an example of the configuration file structure:

    resource "yandex_mdb_postgresql_cluster" "<cluster_name>" {
      name                = "<cluster_name>"
      environment         = "<environment>"
      network_id          = "<network_ID>"
      security_group_ids  = [ "<list_of_security_group_IDs>" ]
      deletion_protection = <protect_cluster_from_deletion>
    
      config {
        version = "<PostgreSQL_version>"
        resources {
          resource_preset_id = "<host_class>"
          disk_type_id       = "<disk_type>"
          disk_size          = <storage_size_in_GB>
        }
        pooler_config {
          pool_discard = <Odyssey_parameter>
          pooling_mode = "<operation_mode>"
        }
        ...
      }
    
      host {
        zone             = "<availability_zone>"
        name             = "<host_name>"
        subnet_id        = "<subnet_ID>"
        assign_public_ip = <allow_public_access_to_host>
      }
    }
    
    resource "yandex_mdb_postgresql_database" "<DB_name>" {
      cluster_id = "<cluster_ID>"
      name       = "<DB_name>"
      owner      = "<database_owner_name>"
      depends_on = [
        yandex_mdb_postgresql_user.<username>
      ]
    }
    
    resource "yandex_mdb_postgresql_user" "<username>" {
      cluster_id = "<cluster_ID>"
      name       = "<username>"
      password   = "<user_password>"
    }
    
    resource "yandex_vpc_network" "<network_name>" { name = "<network_name>" }
    
    resource "yandex_vpc_subnet" "<subnet_name>" {
      name           = "<subnet_name>"
      zone           = "<availability_zone>"
      network_id     = "<network_ID>"
      v4_cidr_blocks = ["<range>"]
    }
    

    Where:

    • environment: Environment, PRESTABLE or PRODUCTION.

    • assign_public_ip: Allow access to the host from the internet, true or false.

    • deletion_protection: Protection of the cluster, its databases, and users against deletion, true or false.

      By default, when users and databases are created, this setting’s value is inherited from the cluster. You can also specify this setting manually. See User management and Database management for details.

      If the setting is changed on a running cluster, the new value will only be inherited by users and databases with the Same as cluster protection level.

      Even with deletion protection enabled, one can still connect to the cluster manually and delete the data.

    • version: PostgreSQL version, 13, 13-1c, 14, 14-1c, 15, 15-1c, 16, 16-1c, and 17.

    • pool_discard: Odyssey pool_discard parameter, true or false.

    • pooling_mode: Operation mode, SESSION, TRANSACTION, or STATEMENT.

    The database name may contain Latin letters, numbers, underscores, and hyphens. The name may be up to 63 characters long. The names postgres, template0, and template1 are reserved for Managed Service for PostgreSQL. You cannot create databases with these names.

    The password must be from 8 to 128 characters long.

    Note

    You can also generate a password using Connection Manager. To do this, specify generate_password = true instead of password = "<user_password>".

    To view the password, select your cluster in the management console, navigate to the Users tab, and click View password for the relevant user. This will open the page of the Yandex Lockbox secret containing the password. To view passwords, you need the lockbox.payloadViewer role.

    To configure automatic storage scaling, add the disk_size_autoscaling section within the config section:

      resource "yandex_mdb_postgresql_cluster" "<cluster_name>" {
        ...
        config {
          ...
          disk_size_autoscaling {
            disk_size_limit           = <maximum_storage_size_GiB>
            emergency_usage_threshold = <threshold_for_immediate_increase_in_percent>
            planned_usage_threshold   = <threshold_for_scheduled_increase_in_percent>
          }
          ...
        }
        ...
      }
    

    Where:

    • disk_size_limit: Maximum object size after increase, in gibibytes.

    • emergency_usage_threshold: Storage utilization threshold to trigger a storage increase right away, in percent. This is an optional setting. The default value is 0 (automatic increase is disabled).

      The possible values range from 0 to 100.

    • planned_usage_threshold: Storage utilization threshold to trigger a storage increase during the next maintenance window, in percent. This is an optional setting. The default value is 0 (automatic increase is disabled).

      The possible values range from 0 to 100.

    For more information about storage increase conditions, see this section.

    Warning

    • When using planned_usage_threshold, make sure to set up a maintenance window in the maintenance_window section.

    • If you specify both thresholds, emergency_usage_threshold must not be less than planned_usage_threshold.

    To set up the maintenance window (for disabled clusters as well), add the maintenance_window section to the cluster description:

    resource "yandex_mdb_postgresql_cluster" "<cluster_name>" {
      ...
      maintenance_window {
        type = <maintenance_type>
        day  = <day_of_week>
        hour = <hour>
      }
      ...
    }
    

    Where:

    • type: Maintenance type. The possible values include:
      • ANYTIME: Anytime
      • WEEKLY: On a schedule
    • day: Day of week for the WEEKLY type, i.e., MON, TUE, WED, THU, FRI, SAT, or SUN.
    • hour: UTC hour for the WEEKLY type, from 1 to 24.

    To encrypt the disk with a custom KMS key, add the disk_encryption_key_id parameter:

    resource "yandex_mdb_postgresql_cluster" "<cluster_name>" {
      ...
      disk_encryption_key_id = <KMS_key_ID>
      ...
    }
    

    To learn more about disk encryption, see Storage.

    To set up statistics collection, add the performance_diagnostics section to the config section:

    resource "yandex_mdb_postgresql_cluster" "<cluster_name>" {
      ...
      config {
        ...
        performance_diagnostics {
          enabled = <enables statistics collection: true or false>
          sessions_sampling_interval  = <sessions sampling interval>
          statements_sampling_interval = <statements sampling interval>
        }
        ...
      }
      ...
    }
    

    Where:

    • enabled: Enable statistics collection, true or false.
    • sessions_sampling_interval: Session sampling interval, from 1 to 86400 seconds.
    • statements_sampling_interval: Statement sampling interval, from 60 to 86400 seconds.

    For a complete list of configurable Managed Service for PostgreSQL cluster fields, refer to the Terraform provider guides.

  2. Check if the settings are correct.

    1. In the command line, navigate to the directory that contains the current Terraform configuration files defining the infrastructure.

    2. Run this command:

      terraform validate
      

      Terraform will show any errors found in your configuration files.

  3. Create a cluster.

    1. Run this command to view the planned changes:

      terraform plan
      

      If you described the configuration correctly, the terminal will display a list of the resources to update and their parameters. This is a verification step that does not apply changes to your resources.

    2. If everything looks correct, apply the changes:

      1. Run this command:

        terraform apply
        
      2. Confirm updating the resources.

      3. Wait for the operation to complete.

    Time limits

    A Terraform provider sets the timeout for Managed Service for PostgreSQL cluster operations:

    • Creating a cluster, including restoring from a backup: 30 minutes.
    • Editing a cluster: 60 minutes.
    • Deleting a cluster: 15 minutes.

    Operations exceeding the set timeout are interrupted.

    How do I change these limits?

    Add the timeouts block to the cluster description, for example:

    resource "yandex_mdb_postgresql_cluster" "<cluster_name>" {
      ...
      timeouts {
        create = "1h30m" # 1 hour 30 minutes
        update = "2h"    # 2 hours
        delete = "30m"   # 30 minutes
      }
    }
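
A pre-apply policy check over the plan from step 3 of the Terraform procedure, as an added example that is not part of the Yandex Cloud documentation or the provider. It assumes the plan was exported with `terraform show -json` and that nested blocks (`config`, `host`, `maintenance_window`) appear as lists of objects under `change.after`; the sample plan and the function names are constructed for illustration. Treating a public IP, missing deletion protection, missing security groups or a missing KMS key as findings is this example's policy, not a service requirement.

```python
import json
import re

# Naming rules and reserved names as stated on this page.
RESERVED_DBS = {"postgres", "template0", "template1"}
RESERVED_USERS = {"admin", "repl", "monitor", "postgres", "mdb_superuser",
                  "mdb_admin", "mdb_monitor", "mdb_replication"}
DB_NAME_RE = re.compile(r"[A-Za-z0-9_-]{1,63}")
USER_NAME_RE = re.compile(r"(?!pg_)[A-Za-z0-9_][A-Za-z0-9_-]{0,62}")


def first_block(obj, key):
    """Assumption: a nested block is a list of objects in plan JSON. Return the first, or {}."""
    value = obj.get(key) or []
    return value[0] if isinstance(value, list) and value else {}


def check_cluster(addr, after):
    out = []
    # Policy choices of this example (the service itself treats these as optional).
    if not after.get("deletion_protection"):
        out.append(f"{addr}: deletion_protection is off")
    if not after.get("security_group_ids"):
        out.append(f"{addr}: no security_group_ids")
    if not after.get("disk_encryption_key_id"):
        out.append(f"{addr}: no disk_encryption_key_id (custom KMS key)")
    for host in after.get("host") or []:
        if host.get("assign_public_ip"):
            out.append(f"{addr}: host in zone {host.get('zone')} has assign_public_ip = true")
    # Constraints the page states for disk_size_autoscaling.
    scaling = first_block(first_block(after, "config"), "disk_size_autoscaling")
    planned = scaling.get("planned_usage_threshold") or 0
    emergency = scaling.get("emergency_usage_threshold") or 0
    if planned and emergency and emergency < planned:
        out.append(f"{addr}: emergency_usage_threshold {emergency} "
                   f"< planned_usage_threshold {planned}")
    if planned and not first_block(after, "maintenance_window"):
        out.append(f"{addr}: planned_usage_threshold set without maintenance_window")
    return out


def check_user(addr, after):
    out = []
    name = after.get("name") or ""
    if name in RESERVED_USERS or not USER_NAME_RE.fullmatch(name):
        out.append(f"{addr}: username {name!r} is reserved or not allowed")
    password = after.get("password")
    if isinstance(password, str) and not after.get("generate_password"):
        # The password value itself is never echoed into a finding.
        out.append(f"{addr}: explicit password; generate_password = true is available")
        if not 8 <= len(password) <= 128:
            out.append(f"{addr}: password length must be 8 to 128 characters")
    return out


def check_database(addr, after):
    name = after.get("name") or ""
    if name in RESERVED_DBS or not DB_NAME_RE.fullmatch(name):
        return [f"{addr}: database name {name!r} is reserved or not allowed"]
    return []


CHECKS = {
    "yandex_mdb_postgresql_cluster": check_cluster,
    "yandex_mdb_postgresql_user": check_user,
    "yandex_mdb_postgresql_database": check_database,
}


def review_plan(plan):
    """Return findings for every resource that the plan creates or updates."""
    findings = []
    for rc in plan.get("resource_changes", []):
        after = (rc.get("change") or {}).get("after")
        check = CHECKS.get(rc.get("type"))
        if check and after is not None:  # after is null when the resource is deleted
            findings += check(rc.get("address", "?"), after)
    return findings


# Constructed sample in the shape of `terraform show -json <planfile>` output.
SAMPLE_PLAN = json.loads("""
{"resource_changes": [
  {"address": "yandex_mdb_postgresql_cluster.pg", "type": "yandex_mdb_postgresql_cluster",
   "change": {"after": {
     "deletion_protection": false, "security_group_ids": [],
     "config": [{"disk_size_autoscaling": [{"disk_size_limit": 200,
       "planned_usage_threshold": 80, "emergency_usage_threshold": 70}]}],
     "host": [{"zone": "zone-a", "assign_public_ip": true},
              {"zone": "zone-b", "assign_public_ip": false}]}}},
  {"address": "yandex_mdb_postgresql_user.app", "type": "yandex_mdb_postgresql_user",
   "change": {"after": {"name": "pg_app", "password": "short"}}},
  {"address": "yandex_mdb_postgresql_database.db", "type": "yandex_mdb_postgresql_database",
   "change": {"after": {"name": "template1"}}}
]}
""")

if __name__ == "__main__":
    for line in review_plan(SAMPLE_PLAN):
        print(line)
```

Values that are only known after apply are omitted from `change.after`, so an attribute that references a resource created in the same plan is reported here as missing and needs a manual look.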
    
REST API

  1. Get an IAM token for API authentication and save it as an environment variable:

    export IAM_TOKEN="<IAM_token>"
    
  2. Create a file named body.json and paste the following code into it:

    {
      "folderId": "<folder_ID>",
      "name": "<cluster_name>",
      "environment": "<environment>",
      "networkId": "<network_ID>",
      "securityGroupIds": [
        "<security_group_1_ID>",
        "<security_group_2_ID>",
        ...
        "<security_group_N_ID>"
      ],
      "deletionProtection": <protect_cluster_from_deletion>,
      "configSpec": {
        "version": "<PostgreSQL_version>",
        "resources": {
          "resourcePresetId": "<host_class>",
          "diskSize": "<storage_size_in_bytes>",
          "diskTypeId": "<disk_type>"
        },
        "access": {
          "dataLens": <allow_access_from_DataLens>,
          "webSql": <allow_access_from_WebSQL>,
          "serverless": <allow_access_from_Cloud_Functions>,
          "dataTransfer": <allow_access_from_Data_Transfer>,
          "yandexQuery": <allow_access_from_Query>
        },
        "performanceDiagnostics": {
          "enabled": <enable_statistics_collection>,
          "sessionsSamplingInterval": "<session_sampling_interval>",
          "statementsSamplingInterval": "<statement_sampling_interval>"
        },
        "diskSizeAutoscaling": {
          "plannedUsageThreshold": "<threshold_for_scheduled_increase_in_percent>",
          "emergencyUsageThreshold": "<threshold_for_immediate_increase_in_percent>",
          "diskSizeLimit": "<maximum_storage_size_in_bytes>"
        }
      },
      "databaseSpecs": [
        {
          "name": "<DB_name>",
          "owner": "<DB_owner_name>"
        },
        { <similar_configuration_for_DB_2> },
        { ... },
        { <similar_configuration_for_DB_N> }
      ],
      "userSpecs": [
        {
          "name": "<username>",
          "password": "<user_password>",
          "permissions": [
            {
              "databaseName": "<DB_name>"
            }
          ],
          "login": <allow_user_to_connect_to_DB>
        },
        { <similar_settings_for_user_2> },
        { ... },
        { <similar_settings_for_user_N> }
      ],
      "hostSpecs": [
        {
          "zoneId": "<availability_zone>",
          "subnetId": "<subnet_ID>",
          "assignPublicIp": <allow_public_access_to_host>
        },
        { <similar_settings_for_host_2> },
        { ... },
        { <similar_settings_for_host_N> }
      ],
      "maintenanceWindow": {
        "weeklyMaintenanceWindow": {
          "day": "<day_of_week>",
          "hour": "<hour>"
        }
      }
    }
    

    Where:

    • folderId: Folder ID. You can get it with the list of folders in the cloud.

    • name: Cluster name.

    • environment: Cluster environment, PRODUCTION or PRESTABLE.

    • networkId: ID of the network where the cluster will be deployed.

      Warning

      The cloud network selected for cluster deployment can't be changed. If you need to move your cluster to a different cloud network later, use the restore from a backup feature and specify the desired network for the cluster backup.

    • securityGroupIds: Security group IDs.

    • deletionProtection: Protection of the cluster, its databases, and users against deletion, true or false value.

      By default, when users and databases are created, this setting’s value is inherited from the cluster. You can also specify this setting manually. See User management and Database management for details.

      If the setting is changed on a running cluster, the new value will only be inherited by users and databases with the Same as cluster protection level.

      Even with deletion protection enabled, one can still connect to the cluster manually and delete the data.

    • configSpec: Cluster settings:

      • version: PostgreSQL version.

      • resources: Cluster resources:

        • resourcePresetId: Host class.
        • diskSize: Disk size, in bytes.
        • diskTypeId: Disk type.
      • access: Settings for cluster access to the following Yandex Cloud services:

        • dataLens: Yandex DataLens
        • webSql: Yandex WebSQL
        • serverless: Yandex Cloud Functions
        • dataTransfer: Yandex Data Transfer
        • yandexQuery: Yandex Query

        The possible setting values are true or false.

      • performanceDiagnostics: Statistics collection settings:

        • enabled: Enables statistics collection, true or false.
        • sessionsSamplingInterval: Session sampling interval. The values range from 1 to 86400 seconds.
        • statementsSamplingInterval: Statement sampling interval. The values range from 60 to 86400 seconds.
      • diskSizeAutoscaling: Automatic storage size increase settings:

        • plannedUsageThreshold: Storage utilization threshold to trigger a storage increase during the next maintenance window, in percent. This is an optional setting. The default value is 0 (automatic increase is disabled).

          The possible values range from 0 to 100.

        • emergencyUsageThreshold: Storage utilization threshold to trigger a storage increase right away, in percent. This is an optional setting. The default value is 0 (automatic increase is disabled).

          The possible values range from 0 to 100.

        • diskSizeLimit: Maximum storage size after an increase, in bytes.

        Warning

        • When using plannedUsageThreshold, make sure to specify the maintenanceWindow setting.

        • If you specify both thresholds, emergencyUsageThreshold must not be less than plannedUsageThreshold.

        For more information about storage increase conditions, see this section.

    • databaseSpecs: Database settings as an array of elements, one per database. Each element has the following structure:

      • name: Database name.
      • owner: Database owner username. This setting must correspond to one of the usernames specified in the request.
    • userSpecs: User settings as an array of elements, one per user. Each element has the following structure:

      • name: Username.

      • password: Password. The password must be from 8 to 128 characters long.

        You can also generate a password using Connection Manager. To do this, specify "generatePassword": true instead of "password": "<user_password>".

        To view the password, select your cluster in the management console, navigate to the Users tab, and click View password for the relevant user. This will open the page of the Yandex Lockbox secret containing the password. To view passwords, you need the lockbox.payloadViewer role.

      • permissions.databaseName: Name of the database to which the user will have access.

      • login: User permission to connect to the DB, true or false.

    • hostSpecs: Cluster host settings as an array of elements, one per host. Each element has the following structure:

      • zoneId: Availability zone.
      • subnetId: Subnet ID.
      • assignPublicIp: Permission to connect to the host from the internet, true or false.
    • maintenanceWindow: Maintenance window settings:

      • day: Day of the week, in DDD format, for scheduled maintenance.
      • hour: Hour of day, in HH format, for scheduled maintenance. The valid values range from 1 to 24.
  3. Call the Cluster.Create method, e.g., via the following cURL request:

    curl \
      --request POST \
      --header "Authorization: Bearer $IAM_TOKEN" \
      --header "Content-Type: application/json" \
      --url 'https://mdb.api.cloud.yandex.net/managed-postgresql/v1/clusters' \
      --data "@body.json"
    
  4. View the server response to make sure your request was successful.

  1. Get an IAM token for API authentication and save it as an environment variable:

    export IAM_TOKEN="<IAM_token>"
    
  2. Clone the cloudapi repository:

    cd ~/ && git clone --depth=1 https://github.com/yandex-cloud/cloudapi
    

    Below, we assume the repository contents are stored in the ~/cloudapi/ directory.

  3. Create a file named body.json and paste the following code into it:

    {
      "folder_id": "<folder_ID>",
      "name": "<cluster_name>",
      "environment": "<environment>",
      "network_id": "<network_ID>",
      "security_group_ids": [
        "<security_group_1_ID>",
        "<security_group_2_ID>",
        ...
        "<security_group_N_ID>"
      ],
      "deletion_protection": <protect_cluster_from_deletion>,
      "config_spec": {
        "version": "<PostgreSQL_version>",
        "resources": {
          "resource_preset_id": "<host_class>",
          "disk_size": "<storage_size_in_bytes>",
          "disk_type_id": "<disk_type>"
        },
        "access": {
          "data_lens": <allow_access_from_DataLens>,
          "web_sql": <allow_access_from_WebSQL>,
          "serverless": <allow_access_from_Cloud_Functions>,
          "data_transfer": <allow_access_from_Data_Transfer>,
          "yandex_query": <allow_access_from_Query>
        },
        "performance_diagnostics": {
          "enabled": <enable_statistics_collection>,
          "sessions_sampling_interval": "<session_sampling_interval>",
          "statements_sampling_interval": "<statement_sampling_interval>"
        },
        "disk_size_autoscaling": {
          "planned_usage_threshold": "<threshold_for_scheduled_increase_in_percent>",
          "emergency_usage_threshold": "<threshold_for_immediate_increase_in_percent>",
          "disk_size_limit": "<maximum_storage_size_in_bytes>"
        }
      },
      "database_specs": [
        {
          "name": "<DB_name>",
          "owner": "<DB_owner_name>"
        },
        { <similar_configuration_for_DB_2> },
        { ... },
        { <similar_configuration_for_DB_N> }
      ],
      "user_specs": [
        {
          "name": "<username>",
          "password": "<user_password>",
          "permissions": [
            {
              "database_name": "<DB_name>"
            }
          ],
          "login": <allow_user_to_connect_to_DB>
        },
        { <similar_settings_for_user_2> },
        { ... },
        { <similar_settings_for_user_N> }
      ],
      "host_specs": [
        {
          "zone_id": "<availability_zone>",
          "subnet_id": "<subnet_ID>",
          "assign_public_ip": <allow_public_access_to_host>
        },
        { <similar_settings_for_host_2> },
        { ... },
        { <similar_settings_for_host_N> }
      ],
      "maintenance_window": {
        "weekly_maintenance_window": {
          "day": "<day_of_week>",
          "hour": "<hour>"
        }
      }
    }
    

    Where:

    • folder_id: Folder ID. You can request it with the list of folders in the cloud.

    • name: Cluster name.

    • environment: Cluster environment, PRODUCTION or PRESTABLE.

    • network_id: ID of the network where the cluster will be deployed.

      Warning

      The cloud network selected for cluster deployment can't be changed. If you need to move your cluster to a different cloud network later, use the restore from a backup feature and specify the desired network for the cluster backup.

    • security_group_ids: Security group IDs.

    • deletion_protection: Protection of the cluster, its databases, and users against deletion, true or false value.

      By default, when users and databases are created, this setting’s value is inherited from the cluster. You can also specify this setting manually. See User management and Database management for details.

      If the setting is changed on a running cluster, the new value will only be inherited by users and databases with the Same as cluster protection level.

      Even with deletion protection enabled, one can still connect to the cluster manually and delete the data.

    • config_spec: Cluster settings:

      • version: PostgreSQL version.

      • resources: Cluster resources:

        • resource_preset_id: Host class.
        • disk_size: Disk size, in bytes.
        • disk_type_id: Disk type.
      • access: Cluster settings for access to the following Yandex Cloud services:

        • data_lens: Yandex DataLens
        • web_sql: Yandex WebSQL
        • serverless: Yandex Cloud Functions
        • data_transfer: Yandex Data Transfer
        • yandex_query: Yandex Query

        Possible setting values are true or false.

      • performance_diagnostics: Statistics collection settings:

        • enabled: Enables statistics collection, true or false.
        • sessions_sampling_interval: Session sampling interval. The values range from 1 to 86400 seconds.
        • statements_sampling_interval: Statement sampling interval. The values range from 60 to 86400 seconds.
      • disk_size_autoscaling: Automatic storage size increase settings:

        • planned_usage_threshold: Storage utilization threshold to trigger a storage increase during the next maintenance window, in percent. This is an optional setting. The default value is 0 (automatic increase is disabled).

          The possible values range from 0 to 100.

        • emergency_usage_threshold: Storage utilization threshold to trigger a storage increase right away, in percent. This is an optional setting. The default value is 0 (automatic increase is disabled).

          The possible values range from 0 to 100.

        • disk_size_limit: Maximum storage size after an increase, in bytes.

        Warning

        • When using planned_usage_threshold, make sure to specify the maintenance_window setting.

        • If you specify both thresholds, emergency_usage_threshold must not be less than planned_usage_threshold.

        For more information about storage increase conditions, see this section.

    • database_specs: Database settings as an array of elements, one for each DB. Each element has the following structure:

      • name: Database name.
      • owner: Database owner username. This setting must correspond to one of the usernames specified in the request.
    • user_specs: User settings as an array of elements, one per user. Each element has the following structure:

      • name: Username.

      • password: Password. The password must be from 8 to 128 characters long.

        You can also generate a password using Connection Manager. To do this, specify "generate_password": true instead of "password": "<user_password>".

        To view the password, select your cluster in the management console, navigate to the Users tab, and click View password for the relevant user. This will open the page of the Yandex Lockbox secret containing the password. To view passwords, you need the lockbox.payloadViewer role.

      • permissions.database_name: Name of the database to which the user will have access.

      • login: User permission to connect to the DB, true or false.

    • host_specs: Cluster host settings as an array of elements, one per host. Each element has the following structure:

      • zone_id: Availability zone.
      • subnet_id: Subnet ID.
      • assign_public_ip: Permission to connect to the host from the internet, true or false.
    • maintenance_window: Maintenance window settings:

      • day: Day of the week, in DDD format, for scheduled maintenance.
      • hour: Hour of day, in HH format, for scheduled maintenance. The valid values range from 1 to 24.
  4. Call the ClusterService.Create method, e.g., via the following gRPCurl request:

    grpcurl \
      -format json \
      -import-path ~/cloudapi/ \
      -import-path ~/cloudapi/third_party/googleapis/ \
      -proto ~/cloudapi/yandex/cloud/mdb/postgresql/v1/cluster_service.proto \
      -rpc-header "Authorization: Bearer $IAM_TOKEN" \
      -d @ \
      mdb.api.cloud.yandex.net:443 \
      yandex.cloud.mdb.postgresql.v1.ClusterService.Create \
      < body.json
    
  5. Check the server response to make sure your request was successful.

Warning

If you specified security group IDs when creating a cluster, you may also need to configure security groups to connect to it.
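
The limits listed under "Where:" for the REST and gRPC request bodies can be checked locally before body.json is sent. The following is an added example, not part of the Yandex Cloud documentation or tooling: `check_body` and the sample body are constructed for illustration, and the function accepts both the camelCase and the snake_case field names.

```python
import json

def _get(obj, camel, default=None):
    """Read a field by its REST name (camelCase) or gRPC name (snake_case)."""
    snake = "".join("_" + c.lower() if c.isupper() else c for c in camel)
    return obj.get(camel, obj.get(snake, default))

def check_body(body):
    """Return (errors, review): documented-limit violations and settings to review."""
    errors, review = [], []
    cfg = _get(body, "configSpec", {})

    users = _get(body, "userSpecs", [])
    for user in users:
        if _get(user, "generatePassword") is True:
            continue  # Connection Manager generates the password
        if not 8 <= len(user.get("password", "")) <= 128:
            errors.append(f"user {user.get('name')}: password must be 8 to 128 characters")
        review.append(f"user {user.get('name')}: password is written in the body file")
    names = {user.get("name") for user in users}
    for db in _get(body, "databaseSpecs", []):
        if db.get("owner") not in names:
            errors.append(f"database {db.get('name')}: owner is not one of the request's users")

    diag = _get(cfg, "performanceDiagnostics", {})
    for key, low in (("sessionsSamplingInterval", 1), ("statementsSamplingInterval", 60)):
        value = _get(diag, key)
        if value is not None and not low <= int(value) <= 86400:
            errors.append(f"{key} must be {low} to 86400 seconds")

    auto = _get(cfg, "diskSizeAutoscaling", {})
    planned = int(_get(auto, "plannedUsageThreshold", 0))
    emergency = int(_get(auto, "emergencyUsageThreshold", 0))
    if not (0 <= planned <= 100 and 0 <= emergency <= 100):
        errors.append("autoscaling thresholds must be 0 to 100 percent")
    if planned and _get(body, "maintenanceWindow") is None:
        errors.append("plannedUsageThreshold is set but maintenanceWindow is missing")
    # Assumption: 0 disables a threshold, so the ordering rule applies when both are non-zero.
    if planned and emergency and emergency < planned:
        errors.append("emergencyUsageThreshold is less than plannedUsageThreshold")

    weekly = _get(_get(body, "maintenanceWindow", {}), "weeklyMaintenanceWindow", {})
    if "hour" in weekly and not 1 <= int(weekly["hour"]) <= 24:
        errors.append("maintenance hour must be 1 to 24")

    if _get(body, "deletionProtection") is not True:
        review.append("deletionProtection is off")
    if not _get(body, "securityGroupIds"):
        review.append("no securityGroupIds: no security groups are specified for the cluster")
    for i, host in enumerate(_get(body, "hostSpecs", [])):
        if _get(host, "assignPublicIp") is True:
            review.append(f"host {i}: assignPublicIp allows connections from the internet")
    return errors, review

# Constructed sample body (REST field names); every value is illustrative.
SAMPLE = json.loads("""{
  "deletionProtection": false,
  "configSpec": {
    "performanceDiagnostics": {"enabled": true, "sessionsSamplingInterval": "60",
                               "statementsSamplingInterval": "30"},
    "diskSizeAutoscaling": {"plannedUsageThreshold": "80", "emergencyUsageThreshold": "70",
                            "diskSizeLimit": "42949672960"}
  },
  "databaseSpecs": [{"name": "db1", "owner": "user2"}],
  "userSpecs": [{"name": "user1", "password": "short", "login": true}],
  "hostSpecs": [{"zoneId": "ru-central1-a", "assignPublicIp": true}]
}""")

if __name__ == "__main__":
    errors, review = check_body(SAMPLE)
    for line in [f"ERROR  {e}" for e in errors] + [f"REVIEW {r}" for r in review]:
        print(line)
```

Run it against the parsed body.json before calling Cluster.Create or ClusterService.Create; the review list is for settings the API accepts but that change who can reach or delete the cluster.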

Creating a cluster copy

You can create a PostgreSQL cluster with the settings of another one created earlier. Do it by importing the original PostgreSQL cluster configuration to Terraform. This way, you can either create an identical copy or use the imported configuration as the baseline and modify it as needed. Importing a configuration is a good idea if the original PostgreSQL cluster has lots of settings and you want to create a similar one.

To create a PostgreSQL cluster copy:

Terraform
  1. If you do not have Terraform yet, install it.

  2. Get the authentication credentials. You can add them to environment variables or specify them later in the provider configuration file.

  3. Configure and initialize a provider. There is no need to create a provider configuration file manually, as you can download it.

  4. Place the configuration file in a separate working directory and specify the parameter values. If you did not add the authentication credentials to environment variables, specify them in the configuration file.

  5. In the same working directory, place a .tf file with the following contents:

    resource "yandex_mdb_postgresql_cluster" "old" { }
    
  6. Save the ID of the original PostgreSQL cluster to an environment variable:

    export POSTGRESQL_CLUSTER_ID=<cluster_ID>
    

    You can request the ID with the list of clusters in the folder.

  7. Import the original PostgreSQL cluster settings to the Terraform configuration:

    terraform import yandex_mdb_postgresql_cluster.old ${POSTGRESQL_CLUSTER_ID}
    
  8. Display the imported configuration:

    terraform show
    
  9. Copy it from the terminal and paste it into the .tf file.

  10. Place the file in the new imported-cluster directory.

  11. Edit the copied configuration so that you can create a new cluster from it:

    • Specify the new cluster name in the resource string and the name parameter.
    • Delete created_at, health, id, and status.
    • In the host sections, delete fqdn and role.
    • If the disk_size_autoscaling section has disk_size_limit = 0, delete this section.
    • If the maintenance_window section has type = "ANYTIME", delete the hour parameter.
    • Optionally, make further changes if you need a customized configuration.
  12. Get the authentication credentials in the imported-cluster directory.

  13. In the same directory, configure and initialize the provider. There is no need to create a provider configuration file manually, as you can download it.

  14. Place the configuration file in the imported-cluster directory and specify the parameter values. If you did not add the authentication credentials to environment variables, specify them in the configuration file.

  15. Make sure the Terraform configuration files are correct:

    terraform validate
    

    Terraform will show any errors found in your configuration files.

  16. Create the required infrastructure:

    1. Run this command to view the planned changes:

      terraform plan
      

      If you described the configuration correctly, the terminal will display a list of the resources to update and their parameters. This is a verification step that does not apply changes to your resources.

    2. If everything looks correct, apply the changes:

      1. Run this command:

        terraform apply
        
      2. Confirm updating the resources.

      3. Wait for the operation to complete.

    All the required resources will be created in the specified folder. You can check resource availability and their settings in the management console.
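
Step 11 above is a set of conditional deletions that is easy to get wrong by hand on a large imported configuration. The following added example (not part of the Yandex Cloud documentation or the Terraform provider) applies those edits to `terraform show` text; `scrub`, the constructed sample output, removing created_at, health, id, and status at the resource's top level only, and using one value for both the resource label and the name parameter are assumptions.

```python
import re

ATTR = re.compile(r"^\s*(\w+)\s*=\s*(.+?)\s*$")
OPEN = re.compile(r"^\s*(\w+)\b.*\{\s*$")  # 'resource "t" "n" {', "host {", "labels = {"
TOP_LEVEL_DROP = {"created_at", "health", "id", "status"}  # dropped at resource level only
HOST_DROP = {"fqdn", "role"}

def scrub(shown, new_name):
    """Apply the step 11 edits to `terraform show` text that holds one cluster resource."""
    out, stack = [], []  # stack entries: [block name, index of its first line in out, attrs]
    for line in shown.splitlines():
        if line.lstrip().startswith("#"):
            continue  # header comment printed above the resource
        opened, attr = OPEN.match(line), ATTR.match(line)
        if opened:
            if not stack:  # resource line: replace the last quoted label
                line = re.sub(r'"[^"]*"(\s*\{\s*)$', f'"{new_name}"\\1', line)
            stack.append([opened.group(1), len(out), {}])
            out.append(line)
        elif line.strip() == "}" and stack:
            name, start, attrs = stack.pop()
            out.append(line)
            if name == "disk_size_autoscaling" and attrs.get("disk_size_limit") == "0":
                del out[start:]  # the whole section is deleted
            elif name == "maintenance_window" and attrs.get("type") == '"ANYTIME"':
                out[start:] = [l for l in out[start:] if not re.match(r"\s*hour\s*=", l)]
        elif attr and stack:
            key, value = attr.groups()
            block, _, attrs = stack[-1]
            attrs[key] = value
            if (len(stack) == 1 and key in TOP_LEVEL_DROP) or (block == "host" and key in HOST_DROP):
                continue
            if len(stack) == 1 and key == "name":
                line = re.sub(r'"[^"]*"\s*$', f'"{new_name}"', line)
            out.append(line)
        else:
            out.append(line)
    return "\n".join(out) + "\n"

# Constructed `terraform show` output; IDs and FQDNs are placeholders.
SHOWN = '''# yandex_mdb_postgresql_cluster.old:
resource "yandex_mdb_postgresql_cluster" "old" {
    created_at  = "2025-01-01T00:00:00Z"
    environment = "PRODUCTION"
    health      = "ALIVE"
    id          = "<cluster_ID>"
    name        = "mypg"
    status      = "RUNNING"
    config {
        version = "17"
        disk_size_autoscaling {
            disk_size_limit = 0
        }
    }
    host {
        fqdn = "<host_FQDN>"
        name = "mypg-host-a"
        role = "MASTER"
        zone = "ru-central1-a"
    }
    maintenance_window {
        hour = 0
        type = "ANYTIME"
    }
}
'''

if __name__ == "__main__":
    print(scrub(SHOWN, "mypg-copy"), end="")
```

Review the result and run terraform validate and terraform plan as in steps 15 and 16 before applying it.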

Time limits

The Terraform provider sets the following timeouts for Managed Service for PostgreSQL cluster operations:

  • Creating a cluster, including restoring from a backup: 30 minutes.
  • Editing a cluster: 60 minutes.
  • Deleting a cluster: 15 minutes.

Operations exceeding the set timeout are interrupted.

How do I change these limits?

Add the timeouts block to the cluster description, for example:

resource "yandex_mdb_postgresql_cluster" "<cluster_name>" {
  ...
  timeouts {
    create = "1h30m" # 1 hour 30 minutes
    update = "2h"    # 2 hours
    delete = "30m"   # 30 minutes
  }
}

Examples

Creating a single-host cluster

CLI
Terraform

To create a cluster with a single host, provide a single --host parameter.

Create a Managed Service for PostgreSQL cluster with the following test specifications:

  • Name: mypg.
  • Environment: production.
  • Network: default.
  • Security group: enp6saqnq4ie244g67sb.
  • One s2.micro host in the b0rcctk2rvtr******** subnet and ru-central1-a availability zone.
  • Network SSD storage (network-ssd): 20 GB.
  • User: user1, password: user1user1.
  • Database: db1, owner: user1.
  • Deletion protection for the cluster, its databases, and users: Enabled.

Run this command:

yc managed-postgresql cluster create \
   --name mypg \
   --environment production \
   --network-name default \
   --resource-preset s2.micro \
   --host zone-id=ru-central1-a,subnet-id=b0rcctk2rvtr******** \
   --disk-type network-ssd \
   --disk-size 20 \
   --user name=user1,password=user1user1 \
   --database name=db1,owner=user1 \
   --security-group-ids enp6saqnq4ie244g67sb \
   --deletion-protection

Create a Managed Service for PostgreSQL cluster and its network with the following test specifications:

  • Name: mypg.

  • Version: 17.

  • Environment: PRESTABLE.

  • Cloud ID: b1gq90dgh25bebiu75o.

  • Folder ID: b1gia87mbaomkfvsleds.

  • Network: mynet.

  • Security group allowing internet access to the cluster on port 6432: pgsql-sg.

  • Host class: s2.micro (one host), subnet: mysubnet, availability zone: ru-central1-a. mysubnet CIDR range: 10.5.0.0/24.

  • Network SSD storage (network-ssd): 20 GB.

  • User: user1, password: user1user1.

  • Database: db1, owner: user1.

  • Deletion protection for the cluster, its databases, and users: Enabled.

The configuration file for this cluster looks like this:

resource "yandex_mdb_postgresql_cluster" "mypg" {
  name                = "mypg"
  environment         = "PRESTABLE"
  network_id          = yandex_vpc_network.mynet.id
  security_group_ids  = [ yandex_vpc_security_group.pgsql-sg.id ]
  deletion_protection = true

  config {
    version = 17
    resources {
      resource_preset_id = "s2.micro"
      disk_type_id       = "network-ssd"
      disk_size          = "20"
    }
  }

  host {
    zone      = "ru-central1-a"
    name      = "mypg-host-a"
    subnet_id = yandex_vpc_subnet.mysubnet.id
  }
}

resource "yandex_mdb_postgresql_database" "db1" {
  cluster_id = yandex_mdb_postgresql_cluster.mypg.id
  name       = "db1"
  owner      = "user1"
}

resource "yandex_mdb_postgresql_user" "user1" {
  cluster_id = yandex_mdb_postgresql_cluster.mypg.id
  name       = "user1"
  password   = "user1user1"
}

resource "yandex_vpc_network" "mynet" {
  name = "mynet"
}

resource "yandex_vpc_subnet" "mysubnet" {
  name           = "mysubnet"
  zone           = "ru-central1-a"
  network_id     = yandex_vpc_network.mynet.id
  v4_cidr_blocks = ["10.5.0.0/24"]
}

resource "yandex_vpc_security_group" "pgsql-sg" {
  name       = "pgsql-sg"
  network_id = yandex_vpc_network.mynet.id

  ingress {
    description    = "PostgreSQL"
    port           = 6432
    protocol       = "TCP"
    v4_cidr_blocks = [ "0.0.0.0/0" ]
  }
}
