Creating a PostgreSQL cluster

Written by

Improved by

Updated at December 29, 2025

Creating a cluster
Creating a cluster copy
Examples
- Creating a single-host cluster

A PostgreSQL cluster consists of one or multiple database hosts, with the option to configure replication between them. Replication is enabled by default in any cluster with more than one host. The master host accepts write requests and propagates the changes to its replicas. A transaction is committed once the data is written to disk on both the master host and on a sufficient number of replicas to form a quorum.

Note

The number of hosts you can create in a PostgreSQL cluster depends on the selected disk type and the host class.
The available disk types depend on the selected host class.
If the database storage reaches 97% capacity, the cluster will switch to read-only mode. Plan and increase your storage size beforehand, or set up an automatic storage expansion.

By default, Managed Service for PostgreSQL sets the maximum possible number of connections for each host in the PostgreSQL cluster. This maximum cannot exceed the value of the Max connections setting.

Warning

Managed Service for PostgreSQL reserves 15 connections for service users per PostgreSQL host. For example, if the cluster has Max connections 100, you can reserve a maximum of 85 connections for cluster users.

Creating a cluster

To create a Managed Service for PostgreSQL cluster, you will need the vpc.user role, as well as the managed-postgresql.editor role or higher. For more information on assigning roles, see the Identity and Access Management guides.

Cluster DB connections are managed by Connection Manager. Creating a cluster automatically creates:

Connection Manager connection with information about the database connection.
Yandex Lockbox secret that stores the DB owner's user password. Storing passwords in Yandex Lockbox ensures their security.

The connection and secret will be created for each new database user. To view all connections, select the Connections tab on the cluster page.

You need the connection-manager.viewer role to view connection info. You can use Connection Manager to configure access to connections.

You can use Connection Manager and secrets you create there free of charge.

Management console

CLI

Terraform

REST API

gRPC API

To create a Managed Service for PostgreSQL cluster:

In the management console, select the folder where you want to create your database cluster.
Go to Managed Service for PostgreSQL.
Click Create cluster.
Specify the cluster name in the Cluster name field. The cluster name must be unique within the folder.
Select the environment where you want to create your cluster (the environment cannot be changed after cluster creation):
- PRODUCTION: For stable versions of your applications.
- PRESTABLE: For testing purposes. The prestable environment is similar to the production environment and is also covered by an SLA. However, it receives new features, enhancements, and bug fixes earlier. In the prestable environment, you can test the new versions for compatibility with your application.
Select the DBMS version.
Select the host class, which will determine the technical specifications of the VMs for deploying your database hosts. All available options are listed under Host classes. Changing the cluster’s host class updates the specifications for all of its existing hosts.
Under Storage size:
- Select the disk type.
  
  The selected type determines the increments in which you can change your disk size:
  - Network HDD and SSD storage: In increments of 1 GB.
  - Local SSD storage:
    - For Intel Broadwell and Intel Cascade Lake: In increments of 100 GB.
    - For Intel Ice Lake: In increments of 368 GB.
  - Non-replicated SSDs and ultra high-speed network SSDs with three replicas: In increments of 93 GB.
- Select the storage capacity for your data and backups. For more details on how backups utilize storage space, see Backups.
- Optionally, select Encrypted disk to encrypt the disk with a custom KMS key.
  - To create a new key, click Create.
  - To use the key you created earlier, select it in the KMS key field.
  To learn more about disk encryption, see Storage.
Optionally, under Automatic increase of storage size, specify the following settings:
- In the Increase size field, specify the conditions for the actions below:
  - Storage size increase during the next maintenance window once the fill level exceeds the specified percentage.
  - Storage size increase immediately once the fill level exceeds the specified percentage.
  You can set both thresholds, provided that the threshold for immediate scaling is higher than that for scaling during the maintenance window.
  
  For more information on storage scaling rules, see this section.
- In the Maximum storage size field, specify the maximum storage size that can be set during automatic scaling.
Upon reaching the specified threshold, the storage expands with the increase size depending on the disk type:
- For network HDDs and SSDs, the increase is the larger of these two values: 20 GB or 20% of the current disk size.
- For non-replicated SSDs and ultra-fast network SSDs with triple replication, the increase is 93 GB.
- For local SSDs:
  - In an Intel Broadwell or Intel Cascade Lake cluster, the increase is 100 GB.
  - In Intel Ice Lake cluster, the increase is 368 GB.
If the threshold is triggered again, the storage size will automatically increase once more. This process will repeat until the storage size reaches the specified maximum. After that, you can specify a new maximum storage size manually.
Warning
- You cannot reduce the storage size.
- When using local disks (local-ssd), cluster hosts will be unavailable while the storage is being resized.
Note

Some PostgreSQL settings depend on the storage size.

If you have configured storage scaling during a maintenance window, set the maintenance schedule.
Under Database, specify the database details:
- Database name. The name must be unique within the folder.
  
  The database name may contain Latin letters, numbers, underscores, and hyphens. The maximum name length is 63 characters. The names postgres, template0, and template1 are reserved for internal use by Managed Service for PostgreSQL. You cannot create databases using these names.
- Database owner username. By default, the system allocates 50 connections per cluster host to a new user. You can change the maximum number of connections using the Conn limit setting.
  
  The username may contain Latin letters, numbers, hyphens, and underscores. It must start with a letter, number, or underscore, but cannot begin with a pg_ prefix. The maximum name length is 63 characters.
  
  The names admin, repl, monitor, postgres, mdb_superuser, mdb_admin, mdb_monitor, and mdb_replication are reserved for internal use by Managed Service for PostgreSQL. You cannot create users with these names.
- Password:
  - Enter manually: Select this option to set your own password. It must be from 8 to 128 characters long.
  - Generate: Select this option to generate a password using Connection Manager.
  To view the password after cluster creation, select the Users tab and click View password for the relevant user. This will open the page of the Yandex Lockbox secret containing the password. Viewing passwords requires the lockbox.payloadViewer role.
- Collation locale and character set locale. These settings define the rules for sorting strings (LC_COLLATE) and classifying characters (LC_CTYPE). In Managed Service for PostgreSQL, locale settings apply at the level of an individual database.
  
  PostgreSQL supports multiple locales. The choice of locale affects the following:
  - Sort order in queries using the ORDER BY clause or standard text comparison operators.
  - upper, lower, initcap, and to_char functions.
  - Pattern-matching operators, e.g., LIKE, ILIKE, SIMILAR TO, and regular expressions.
  - Support of indexes with the LIKE operator.
  The default locale is C. When using the C encoding for text data with non-Latin, e.g., Cyrillic, characters, you may encounter errors in data sorting and incorrect pattern-matching results. If this locale causes incorrect data handling in your database, select a different one from the list. However, note that using a non-standard locale may reduce database query performance.
  
  To learn more about locale settings, see the this PostgreSQL article.
  
  Once you create a database, you cannot change its locale settings. However, you can set a collation for columns when creating or altering individual tables. For more information, see the relevant PostgreSQL guides.
Under Network settings, select:
- Cloud network for cluster deployment. If there are no networks in the list, click Create network to create one:
  1. In the window that opens, specify the network name and select the folder where it will be created.
  2. Optionally, check Create subnets to automatically create subnets in all availability zones.
  3. Click Create network.
  Warning
  
  The cloud network selected for cluster deployment cannot be changed later. If you need to migrate your cluster to another cloud network in the future, use the restore from a backup feature and specify the required network for your new cluster copy.
- Security groups for the cluster network traffic. You may need to configure the security groups to connect to the cluster.
Under Hosts, configure the settings for the cluster’s database hosts. By default, each host is created in a separate subnet. To select a specific subnet for a host, click next to it.

The minimum number of hosts per cluster depends on the selected disk type. The default cluster configuration offered in the management console includes:
- Two hosts if the selected disk type is network-ssd, network-hdd, or network-ssd-io-m3.
- Three hosts if the selected disk type is local-ssd or network-ssd-nonreplicated.
Warning

We do not recommend creating a single-host cluster. While being cheaper, it will not ensure high availability.

After creating a Managed Service for PostgreSQL cluster, you can add more hosts to it if your folder resource quotas allow.

To enable internet access to the hosts, check Public access.
Specify additional cluster settings, if required:
- Backup start time (UTC): Time interval during which the cluster backup starts. Time is specified in 24-hour UTC format. The default time is 22:00 - 23:00 UTC.
- Retention period for automatic backups, days: Retention period for automatic backups. Backups are automatically deleted once their retention period expires. The default retention period is 7 days. For more information, see Backups.
  
  Changing the retention period affects both new and existing automatic backups. For example, the initial retention period was 7 days. A specific automatic backup has 1 day of remaining lifetime. If you increase the retention period to 9 days, that backup’s remaining lifetime becomes 3 days.
  
  Automatic cluster backups are stored for a specified number of days, while manually created ones are stored indefinitely. After a cluster is deleted, all its backups are retained for 7 days.
- Maintenance window: Maintenance window settings:
  - To enable maintenance at any time, select arbitrary (default).
  - To specify the preferred maintenance start time, select by schedule and specify the desired day of the week and UTC hour. For example, you can choose a time when the cluster is least loaded.
  Maintenance operations are carried out both on enabled and disabled clusters. They may include updating the DBMS, applying patches, and so on.
- DataLens access: Enables you to analyze cluster data in Yandex DataLens.
- WebSQL access: Enables you to run SQL queries against cluster databases from the Yandex Cloud management console using Yandex WebSQL.
- Yandex Query access: Enables you to run YQL queries against cluster databases from Yandex Query.
- Serverless access: Enables cluster access from Yandex Cloud Functions. For more details on configuring access, see this Cloud Functions article.
- Statistics sampling: Enables you to use the Performance diagnostics tool in a cluster. When enabling this option, also configure Sessions sampling interval and Statements sampling interval using the sliders. Both settings are measured in seconds.
- Pooling mode: Select one of the connection pooler modes.
- Deletion protection: Deletion protection for the cluster, its databases, and users.
  
  By default, when users and databases are created, this setting’s value is inherited from the cluster. You can also specify this setting manually. See User management and Database management for details.
  
  If the setting is changed on a running cluster, the new value will only be inherited by users and databases with the Same as cluster protection level.
  
  Even with deletion protection enabled, one can still connect to the cluster manually and delete the data.
If needed, configure cluster-level DBMS settings.

Note

Some PostgreSQL settings depend on the selected host class or storage size.
Click Create cluster.

If you do not have the Yandex Cloud CLI installed yet, install and initialize it.

By default, the CLI uses the folder specified when creating the profile. To change the default folder, use the yc config set folder-id <folder_ID> command. You can also set a different folder for any specific command using the --folder-name or --folder-id parameter.

To create a Managed Service for PostgreSQL cluster:

Check whether your folder has subnets for the cluster hosts:
```
yc vpc subnet list
```
If your folder has no subnets, create them in Yandex Virtual Private Cloud.
See the description of the CLI command for creating a cluster:
```
yc managed-postgresql cluster create --help
```
Specify the cluster settings in the creation command (our example does not include all available settings):
```
yc managed-postgresql cluster create \
  --name <cluster_name> \
  --environment <environment> \
  --network-name <network_name> \
  --host zone-id=<availability_zone>,`
           `subnet-id=<subnet_ID>,`
           `assign-public-ip=<allow_public_access_to_host> \
  --resource-preset <host_class> \
  --user name=<username>,password=<user_password> \
  --database name=<DB_name>,owner=<DB_owner_name> \
  --disk-size <storage_size_in_GB> \
  --disk-type <network-hdd|network-ssd|network-ssd-nonreplicated|local-ssd> \
  --security-group-ids <list_of_security_group_IDs> \
  --connection-pooling-mode=<connection_pooler_mode> \
  --deletion-protection
```
Where:
- environment: Environment, prestable or production.
- disk-type: Disk type.
- assign-public-ip: Internet access to the host, true or false.
- deletion-protection: Deletion protection for the cluster, its databases, and users.
  
  By default, when users and databases are created, this setting’s value is inherited from the cluster. You can also specify this setting manually. See User management and Database management for details.
  
  If the setting is changed on a running cluster, the new value will only be inherited by users and databases with Same as cluster protection level.
  
  Even with deletion protection enabled, one can still connect to the cluster manually and delete the data.
You need to specify the subnet-id if the selected availability zone has two or more subnets.

Warning

The cloud network selected for cluster deployment cannot be changed later. If you need to migrate your cluster to another cloud network in the future, use the restore from a backup feature and specify the required network for your new cluster copy.

The database name may contain Latin letters, numbers, underscores, and hyphens. The maximum name length is 63 characters. The names postgres, template0, and template1 are reserved for internal use by Managed Service for PostgreSQL. You cannot create databases using these names.

The password must be from 8 to 128 characters long.
Note
You can also generate a password using Connection Manager. To do this, modify the command, specifying user details as follows:
```
  --user name=<username>,generate-password=true
```
To view the password, select your cluster in the management console, navigate to the Users tab, and click View password for the relevant user. This will open the page of the Yandex Lockbox secret containing the password. Viewing passwords requires the lockbox.payloadViewer role.
The available connection pooler modes include SESSION, TRANSACTION, and STATEMENT.

You can also specify the --host replication-source option to manually manage replication streams.

To encrypt the disk with a custom KMS key, provide --disk-encryption-key-id <KMS_key_ID>. To learn more about disk encryption, see Storage.

To allow access to the cluster from Yandex Cloud Functions, provide the --serverless-access argument. For details on setting up access, see this Cloud Functions guide.

To enable access to the cluster from Yandex Query, use the --yandexquery-access=true flag. This feature is in the Preview stage and can be enabled upon request.

Note

The default maintenance mode for new clusters is anytime. You can set a specific maintenance period when updating the cluster settings.

With Terraform, you can quickly create a cloud infrastructure in Yandex Cloud and manage it using configuration files. These files store the infrastructure description written in HashiCorp Configuration Language (HCL). If you change the configuration files, Terraform automatically detects which part of your configuration is already deployed, and what should be added or removed.

Terraform is distributed under the Business Source License. The Yandex Cloud provider for Terraform is distributed under the MPL-2.0 license.

For more information about the provider resources, see the relevant documentation on the Terraform website or its mirror.

If you do not have Terraform yet, install it and configure the Yandex Cloud provider.

To create a Managed Service for PostgreSQL cluster:

In the configuration file, describe the resources you want to create:
- Database cluster: Description of the cluster and its hosts.
- Database: Cluster database description.
- User: Cluster user description.
- Network: Description of the cloud network where a cluster will be located. If you already have a suitable network, you don't have to describe it again.
- Subnets: Description of the subnets to connect the cluster hosts to. If you already have suitable subnets, you don't have to describe them again.
Warning

The cloud network selected for cluster deployment cannot be changed later. If you need to migrate your cluster to another cloud network in the future, use the restore from a backup feature and specify the required network for your new cluster copy.

Configuration file structure example:
```
resource "yandex_mdb_postgresql_cluster" "<cluster_name>" {
  name                = "<cluster_name>"
  environment         = "<environment>"
  network_id          = "<network_ID>"
  security_group_ids  = [ "<list_of_security_group_IDs>" ]
  deletion_protection = <protect_cluster_from_deletion>

  config {
    version = "<PostgreSQL_version>"
    resources {
      resource_preset_id = "<host_class>"
      disk_type_id       = "<disk_type>"
      disk_size          = <storage_size_in_GB>
    }
    pooler_config {
      pool_discard = <Odyssey_parameter>
      pooling_mode = "<operation_mode>"
    }
    ...
  }

  host {
    zone             = "<availability_zone>"
    name             = "<host_name>"
    subnet_id        = "<subnet_ID>"
    assign_public_ip = <allow_public_access_to_host>
  }
}

resource "yandex_mdb_postgresql_database" "<DB_name>" {
  cluster_id = "<cluster_ID>"
  name       = "<DB_name>"
  owner      = "<DB_owner_name>"
  depends_on = [
    yandex_mdb_postgresql_user.<username>
  ]
}

resource "yandex_mdb_postgresql_user" "<username>" {
  cluster_id = "<cluster_ID>"
  name       = "<username>"
  password   = "<user_password>"
}

resource "yandex_vpc_network" "<network_name>" { name = "<network_name>" }

resource "yandex_vpc_subnet" "<subnet_name>" {
  name           = "<subnet_name>"
  zone           = "<availability_zone>"
  network_id     = "<network_ID>"
  v4_cidr_blocks = ["<range>"]
}
```
Where:
- environment: Environment, PRESTABLE or PRODUCTION.
- assign_public_ip: Internet access to the host, true or false.
- deletion_protection: Deletion protection for the cluster, its databases, and users, true or false.
  
  By default, when users and databases are created, this setting’s value is inherited from the cluster. You can also specify this setting manually. See User management and Database management for details.
  
  If the setting is changed on a running cluster, the new value will only be inherited by users and databases with Same as cluster protection level.
  
  Even with deletion protection enabled, one can still connect to the cluster manually and delete the data.
- version: PostgreSQL version, 13, 13-1c, 14, 14-1c, 15, 15-1c, 16, 16-1c, and 17.
- pool_discard: Odyssey pool_discard setting, true or false.
- pooling_mode: Operating mode, SESSION, TRANSACTION, or STATEMENT.
The database name may contain Latin letters, numbers, underscores, and hyphens. The maximum name length is 63 characters. The names postgres, template0, and template1 are reserved for internal use by Managed Service for PostgreSQL. You cannot create databases using these names.

The password must be from 8 to 128 characters long.

Note

You can also generate a password using Connection Manager. To do this, replace "password" = "<user_password>" with generate_password = true.

To view the password, select your cluster in the management console, navigate to the Users tab, and click View password for the relevant user. This will open the page of the Yandex Lockbox secret containing the password. Viewing passwords requires the lockbox.payloadViewer role.

To configure automatic storage scaling, add the disk_size_autoscaling section within the config section:
```
  resource "yandex_mdb_postgresql_cluster" "<cluster_name>" {
    ...
    config {
      ...
      disk_size_autoscaling {
        disk_size_limit           = <maximum_storage_size_GiB>
        emergency_usage_threshold = <threshold_for_immediate_increase_in_percent>
        planned_usage_threshold   = <threshold_for_scheduled_increase_in_percent>
      }
      ...
    }
    ...
  }
```
Where:
- disk_size_limit: Maximum storage capacity after expansion, in GB.
- emergency_usage_threshold: Storage usage percentage threshold triggering an immediate storage expansion. This is an optional setting. The default value is 0 (autoscale disabled).
  
  Values for this setting can range from 0 to 100.
- planned_usage_threshold: Storage usage percentage threshold triggering a storage expansion during the next maintenance window. This is an optional setting. The default value is 0 (autoscale disabled).
  
  Values for this setting can range from 0 to 100.
For more information on storage scaling rules, see this section.
Warning
- When using planned_usage_threshold, you must configure a maintenance window under maintenance_window.
- If you specify both thresholds, emergency_usage_threshold must not be less than planned_usage_threshold.
To set up the maintenance window that will also apply to stopped clusters, add the maintenance_window section to the cluster description:
```
resource "yandex_mdb_postgresql_cluster" "<cluster_name>" {
  ...
  maintenance_window {
    type = <maintenance_type>
    day  = <day_of_week>
    hour = <hour>
  }
  ...
}
```
Where:
- type: Maintenance type. The possible values include:
  - ANYTIME: Anytime
  - WEEKLY: On a schedule
- day: Day of week for the WEEKLY type, i.e., MON, TUE, WED, THU, FRI, SAT, or SUN.
- hour: UTC hour for the WEEKLY type, from 1 to 24.
To encrypt the disk with a custom KMS key, add the disk_encryption_key_id parameter:
```
resource "yandex_mdb_postgresql_cluster" "<cluster_name>" {
  ...
  disk_encryption_key_id = <KMS_key_ID>
  ...
}
```
To learn more about disk encryption, see Storage.

To set up statistics collection, add the performance_diagnostics block to the config section:
```
resource "yandex_mdb_postgresql_cluster" "<cluster_name>" {
  ...
  config {
    ...
    performance_diagnostics {
      enabled                      = <activate_statistics_collection>
      sessions_sampling_interval   = <session_sampling_interval>
      statements_sampling_interval = <statement_sampling_interval>
    }
    ...
  }
  ...
}
```
Where:
- enabled: Enable statistics collection, true or false.
- sessions_sampling_interval: Session sampling interval, from 1 to 86400 seconds.
- statements_sampling_interval: Statement sampling interval, from 60 to 86400 seconds.
For a complete list of configurable Managed Service for PostgreSQL cluster fields, refer to the Terraform provider guides.
Validate your configuration.
1. In the command line, navigate to the directory that contains the current Terraform configuration files defining the infrastructure.
2. Run this command:
```
terraform validate
```
  Terraform will show any errors found in your configuration files.
Create a cluster.
1. Run this command to view the planned changes:
```
terraform plan
```
  If you described the configuration correctly, the terminal will display a list of the resources to update and their parameters. This is a verification step that does not apply changes to your resources.
2. If everything looks correct, apply the changes:
  1. Run this command:
```
terraform apply
```
  2. Confirm updating the resources.
  3. Wait for the operation to complete.
Timeouts
The Terraform provider sets the following timeouts for Managed Service for PostgreSQL cluster operations:
- Creating a cluster, including restoration from a backup: 30 minutes.
- Updating a cluster: 60 minutes.
- Deleting a cluster: 15 minutes.
Operations exceeding the timeout are aborted.
How can I change these timeouts?
Add a timeouts section to the cluster description, e.g.:

resource "yandex_mdb_postgresql_cluster" "<cluster_name>" { ... timeouts { create = "1h30m" # 1 hour 30 minutes update = "2h" # 2 hours delete = "30m" # 30 minutes } }

Get an IAM token for API authentication and place it in an environment variable:
```
export IAM_TOKEN="<IAM_token>"
```
Create a file named body.json and paste the following code into it:
```
{
  "folderId": "<folder_ID>",
  "name": "<cluster_name>",
  "environment": "<environment>",
  "networkId": "<network_ID>",
  "securityGroupIds": [
    "<security_group_1_ID>",
    "<security_group_2_ID>",
    ...
    "<security_group_N_ID>"
  ],
  "deletionProtection": <protect_cluster_from_deletion>,
  "configSpec": {
    "version": "<PostgreSQL_version>",
    "resources": {
      "resourcePresetId": "<host_class>",
      "diskSize": "<storage_size_in_bytes>",
      "diskTypeId": "<disk_type>"
    },
    "access": {
      "dataLens": <allow_access_from_DataLens>,
      "webSql": <allow_access_from_WebSQL>,
      "serverless": <allow_access_from_Cloud_Functions>,
      "dataTransfer": <allow_access_from_Data_Transfer>,
      "yandexQuery": <allow_access_from_Query>
    },
    "performanceDiagnostics": {
      "enabled": <enable_statistics_collection>,
      "sessionsSamplingInterval": "<session_sampling_interval>",
      "statementsSamplingInterval": "<statement_sampling_interval>"
    },
    "diskSizeAutoscaling": {
      "plannedUsageThreshold": "<threshold_for_scheduled_increase_in_percent>",
      "emergencyUsageThreshold": "<threshold_for_immediate_increase_in_percent>",
      "diskSizeLimit": "<maximum_storage_size_in_bytes>"
    }
  },
  "databaseSpecs": [
    {
      "name": "<DB_name>",
      "owner": "<DB_owner_name>"
    },
    { <similar_configuration_for_DB_2> },
    { ... },
    { <similar_configuration_for_DB_N> }
  ],
  "userSpecs": [
    {
      "name": "<username>",
      "password": "<user_password>",
      "permissions": [
        {
          "databaseName": "<DB_name>"
        }
      ],
      "login": <allow_user_to_connect_to_DB>
    },
    { <similar_settings_for_user_2> },
    { ... },
    { <similar_settings_for_user_N> }
  ],
  "hostSpecs": [
    {
      "zoneId": "<availability_zone>",
      "subnetId": "<subnet_ID>",
      "assignPublicIp": <allow_public_access_to_host>
    },
    { <similar_settings_for_host_2> },
    { ... },
    { <similar_settings_for_host_N> }
  ],
  "maintenanceWindow": {
    "weeklyMaintenanceWindow": {
      "day": "<day_of_week>",
      "hour": "<hour>"
    }
  }
}
```
Where:
- folderId: Folder ID. You can get it from the cloud’s folder list.
- name: Cluster name.
- environment: Cluster environment, PRODUCTION or PRESTABLE.
- networkId: ID of the network where the cluster will be deployed.
  
  Warning
  
  The cloud network selected for cluster deployment cannot be changed later. If you need to migrate your cluster to another cloud network in the future, use the restore from a backup feature and specify the required network for your new cluster copy.
- securityGroupIds: Security group IDs.
- deletionProtection: Deletion protection for the cluster, its databases, and users, true or false.
  
  By default, when users and databases are created, this setting’s value is inherited from the cluster. You can also specify this setting manually. See User management and Database management for details.
  
  If the setting is changed on a running cluster, the new value will only be inherited by users and databases with Same as cluster protection level.
  
  Even with deletion protection enabled, one can still connect to the cluster manually and delete the data.
- configSpec: Cluster settings:
  - version: PostgreSQL version.
  - resources: Cluster resources:
    - resourcePresetId: Host class.
    - diskSize: Disk size in bytes.
    - diskTypeId: Disk type.
  - access: Settings for cluster access to the following Yandex Cloud services:
    - dataLens: Yandex DataLens
    - webSql: Yandex WebSQL
    - serverless: Yandex Cloud Functions
    - dataTransfer: Yandex Data Transfer
    - yandexQuery: Yandex Query
    Allowed values: true or false.
  - performanceDiagnostics: Statistics collection settings:
    - enabled: Enable statistics collection, true or false.
    - sessionsSamplingInterval: Session sampling interval. The allowed values range from 1 to 86400 seconds.
    - statementsSamplingInterval: Statement sampling interval. The allowed values range from 60 to 86400 seconds.
  - diskSizeAutoscaling: Storage autoscaling setting:
    - plannedUsageThreshold: Storage usage percentage threshold triggering a storage expansion during the next maintenance window. This is an optional setting. The default value is 0 (autoscale disabled).
      
      Values for this setting can range from 0 to 100.
    - emergencyUsageThreshold: Storage usage percentage threshold triggering an immediate storage expansion. This is an optional setting. The default value is 0 (autoscale disabled).
      
      Values for this setting can range from 0 to 100.
    - diskSizeLimit: Maximum storage capacity after expansion, in bytes.
    Warning
    When using the plannedUsageThreshold setting, make sure to specify maintenanceWindow.
    
    If you specify both thresholds, make sure emergencyUsageThreshold is greater than or equal to plannedUsageThreshold.
    For more information about storage scaling rules, see this section.
- databaseSpecs: Database settings as an array of elements, one per database. Each element has the following structure:
  - name: Database name.
  - owner: Database owner username. This setting must correspond to one of the usernames specified in the request.
- userSpecs: User settings as an array of elements, one per user. Each element has the following structure:
  - name: Username.
  - password: Password. The password must be from 8 to 128 characters long.
    
    You can also generate a password using Connection Manager. To do this, specify "generatePassword": true instead of "password": "<user_password>".
    
    To view the password, select your cluster in the management console, navigate to the Users tab, and click View password for the relevant user. This will open the page of the Yandex Lockbox secret containing the password. Viewing passwords requires the lockbox.payloadViewer role.
  - permissions.databaseName: Name of the database to which the user will have access.
  - login: Permission for the user to connect to the database, true or false.
- hostSpecs: Cluster host settings as an array of elements, one per host. Each element has the following structure:
  - zoneId: Availability zone.
  - subnetId: Subnet ID.
  - assignPublicIp: Permission for internet access to the host, true or false.
- maintenanceWindow: Maintenance window settings:
  - day: Day of the week, in DDD format, for scheduled maintenance.
  - hour: Hour of the day, in HH format, for scheduled maintenance. The allowed values are from 1 to 24.

Call the Cluster.Create method, for instance, via the following cURL request:

curl \
  --request POST \
  --header "Authorization: Bearer $IAM_TOKEN" \
  --header "Content-Type: application/json" \
  --url 'https://mdb.api.cloud.yandex.net/managed-postgresql/v1/clusters' \
  --data "@body.json"

Check the server response to make sure your request was successful.

Get an IAM token for API authentication and place it in an environment variable:
```
export IAM_TOKEN="<IAM_token>"
```
Clone the cloudapi repository:
```
cd ~/ && git clone --depth=1 https://github.com/yandex-cloud/cloudapi
```
Below, we assume the repository contents are stored in the ~/cloudapi/ directory.
Create a file named body.json and paste the following code into it:
```
{
  "folder_id": "<folder_ID>",
  "name": "<cluster_name>",
  "environment": "<environment>",
  "network_id": "<network_ID>",
  "security_group_ids": [
    "<security_group_1_ID>",
    "<security_group_2_ID>",
    ...
    "<security_group_N_ID>"
  ],
  "deletion_protection": <protect_cluster_from_deletion>,
  "config_spec": {
    "version": "<PostgreSQL_version>",
    "resources": {
      "resource_preset_id": "<host_class>",
      "disk_size": "<storage_size_in_bytes>",
      "disk_type_id": "<disk_type>"
    },
    "access": {
      "data_lens": <allow_access_from_DataLens>,
      "web_sql": <allow_access_from_WebSQL>,
      "serverless": <allow_access_from_Cloud_Functions>,
      "data_transfer": <allow_access_from_Data_Transfer>,
      "yandex_query": <allow_access_from_Query>
    },
    "performance_diagnostics": {
      "enabled": <enable_statistics_collection>,
      "sessions_sampling_interval": "<session_sampling_interval>",
      "statements_sampling_interval": "<statement_sampling_interval>"
    },
    "disk_size_autoscaling": {
      "planned_usage_threshold": "<threshold_for_scheduled_increase_in_percent>",
      "emergency_usage_threshold": "<threshold_for_immediate_increase_in_percent>",
      "disk_size_limit": "<maximum_storage_size_in_bytes>"
    }
  },
  "database_specs": [
    {
      "name": "<DB_name>",
      "owner": "<DB_owner_name>"
    },
    { <similar_configuration_for_DB_2> },
    { ... },
    { <similar_configuration_for_DB_N> }
  ],
  "user_specs": [
    {
      "name": "<username>",
      "password": "<user_password>",
      "permissions": [
        {
          "database_name": "<DB_name>"
        }
      ],
      "login": <allow_user_to_connect_to_DB>
    },
    { <similar_settings_for_user_2> },
    { ... },
    { <similar_settings_for_user_N> }
  ],
  "host_specs": [
    {
      "zone_id": "<availability_zone>",
      "subnet_id": "<subnet_ID>",
      "assign_public_ip": <allow_public_access_to_host>
    },
    { <similar_settings_for_host_2> },
    { ... },
    { <similar_settings_for_host_N> }
  ],
  "maintenance_window": {
    "weekly_maintenance_window": {
      "day": "<day_of_week>",
      "hour": "<hour>"
    }
  }
}
```
Where:
- folder_id: Folder ID. You can get it from the cloud’s folder list.
- name: Cluster name.
- environment: Cluster environment, PRODUCTION or PRESTABLE.
- network_id: ID of the network where the cluster will be deployed.
  
  Warning
  
  The cloud network selected for cluster deployment cannot be changed later. If you need to migrate your cluster to another cloud network in the future, use the restore from a backup feature and specify the required network for your new cluster copy.
- security_group_ids: Security group IDs.
- deletion_protection: Deletion protection for the cluster, its databases, and users, true or false.
  
  By default, when users and databases are created, this setting’s value is inherited from the cluster. You can also specify this setting manually. See User management and Database management for details.
  
  If the setting is changed on a running cluster, the new value will only be inherited by users and databases with Same as cluster protection level.
  
  Even with deletion protection enabled, one can still connect to the cluster manually and delete the data.
- config_spec: Cluster settings:
  - version: PostgreSQL version.
  - resources: Cluster resources:
    - resource_preset_id: Host class.
    - disk_size: Disk size in bytes.
    - disk_type_id: Disk type.
  - access: Settings for cluster access to the following Yandex Cloud services:
    - data_lens: Yandex DataLens
    - web_sql: Yandex WebSQL
    - serverless: Yandex Cloud Functions
    - data_transfer: Yandex Data Transfer
    - yandex_query: Yandex Query
    Allowed values: true or false.
  - performance_diagnostics: Statistics collection settings:
    - enabled: Enable statistics collection, true or false.
    - sessions_sampling_interval: Session sampling interval. The allowed values range from 1 to 86400 seconds.
    - statements_sampling_interval: Statement sampling interval. The allowed values range from 60 to 86400 seconds.
  - disk_size_autoscaling: Storage autoscaling settings:
    - planned_usage_threshold: Storage usage percentage threshold triggering a storage expansion during the next maintenance window. This is an optional setting. The default value is 0 (autoscale disabled).
      
      Values for this setting can range from 0 to 100.
    - emergency_usage_threshold: Storage usage percentage threshold triggering an immediate storage expansion. This is an optional setting. The default value is 0 (autoscale disabled).
      
      Values for this setting can range from 0 to 100.
    - disk_size_limit: Maximum storage capacity after expansion, in bytes.
    Warning
    When using the planned_usage_threshold setting, make sure to specify maintenance_window.
    
    If you specify both thresholds, make sure that emergency_usage_threshold is greater than or equal to planned_usage_threshold.
    For more information on storage scaling rules, see this section.
- database_specs: Database settings as an array of elements, one per database. Each element has the following structure:
  - name: Database name.
  - owner: Database owner username. This setting must correspond to one of the usernames specified in the request.
- user_specs: User settings as an array of elements, one per user. Each element has the following structure:
  - name: Username.
  - password: Password. The password must be from 8 to 128 characters long.
    
    You can also generate a password using Connection Manager. To do this, specify "generate_password": true instead of "password": "<user_password>".
    
    To view the password, select your cluster in the management console, navigate to the Users tab, and click View password for the relevant user. This will open the page of the Yandex Lockbox secret containing the password. Viewing passwords requires the lockbox.payloadViewer role.
  - permissions.database_name: Name of the database to which the user will have access.
  - login: Permission for the user to connect to the database, true or false.
- host_specs: Cluster host settings as an array of elements, one per host. Each element has the following structure:
  - zone_id: Availability zone.
  - subnet_id: Subnet ID.
  - assign_public_ip: Permission for internet access to the host.
- maintenance_window: Maintenance window settings:
  - day: Day of the week, in DDD format, for scheduled maintenance.
  - hour: Hour of the day, in HH format, for scheduled maintenance. The allowed values are from 1 to 24.

Call the ClusterService.Create method, for instance, via the following gRPCurl request:

grpcurl \
  -format json \
  -import-path ~/cloudapi/ \
  -import-path ~/cloudapi/third_party/googleapis/ \
  -proto ~/cloudapi/yandex/cloud/mdb/postgresql/v1/cluster_service.proto \
  -rpc-header "Authorization: Bearer $IAM_TOKEN" \
  -d @ \
  mdb.api.cloud.yandex.net:443 \
  yandex.cloud.mdb.postgresql.v1.ClusterService.Create \
  < body.json

Check the server response to make sure your request was successful.

Warning

If you specified security group IDs when creating a cluster, you may also need to configure security groups to connect to it.

Creating a cluster copy

You can create a PostgreSQL cluster using the settings of the previously created cluster. To do this, import the PostgreSQL source cluster configuration to Terraform. This way, you can either create an identical copy or use the imported configuration as a starting point for modification. Import is convenient when the source PostgreSQL cluster has many settings and you need to create a similar cluster.

To create a PostgreSQL cluster copy:

Terraform

If you do not have Terraform yet, install it.
Get the authentication credentials. You can add them to environment variables or specify them later in the provider configuration file.
Configure and initialize a provider. There is no need to create a provider configuration file manually, you can download it.
Place the configuration file in a separate working directory and specify the parameter values. If you did not add the authentication credentials to environment variables, specify them in the configuration file.
In your current working directory, create a .tf file with the following content:
```
resource "yandex_mdb_postgresql_cluster" "old" { }
```
Save the ID of the original PostgreSQL cluster to an environment variable:
```
export POSTGRESQL_CLUSTER_ID=<cluster_ID>
```
You can get the ID from the folder’s cluster list.
Import the original PostgreSQL cluster settings to the Terraform configuration:
```
terraform import yandex_mdb_postgresql_cluster.old ${POSTGRESQL_CLUSTER_ID}
```
Display the imported configuration:
```
terraform show
```
Copy the configuration from the terminal window and save it to the .tf file.
Create a new directory named imported-cluster and move your file there.
Modify the configuration so it can be used to create a new cluster:
- Specify the new cluster name in the resource string and the name parameter.
- Delete created_at, health, id, and status.
- In the host sections, delete fqdn and role.
- If the disk_size_autoscaling section has disk_size_limit = 0, delete this section.
- If the maintenance_window section has type = "ANYTIME", delete the hour argument.
- Optionally, you can customize the configuration further if needed.
Get the authentication credentials in the imported-cluster directory.
In the same directory, configure and initialize a provider. To avoid creating the provider configuration file manually, you can download it here.
Move the configuration file to the imported-cluster directory and edit it to include your required values. If you have not added your authentication credentials to the environment variables, specify them in the configuration file.
Validate your Terraform configuration files:
```
terraform validate
```
Terraform will display any configuration errors detected in your files.
Create the required infrastructure:
1. Run this command to view the planned changes:
```
terraform plan
```
  If you described the configuration correctly, the terminal will display a list of the resources to update and their parameters. This is a verification step that does not apply changes to your resources.
2. If everything looks correct, apply the changes:
  1. Run this command:
```
terraform apply
```
  2. Confirm updating the resources.
  3. Wait for the operation to complete.
All the required resources will be created in the specified folder. You can check resource availability and their settings in the management console.

Timeouts

The Terraform provider sets the following timeouts for Managed Service for PostgreSQL cluster operations:

Creating a cluster, including restoration from a backup: 30 minutes.
Updating a cluster: 60 minutes.
Deleting a cluster: 15 minutes.

Operations exceeding the timeout are aborted.

How can I change these timeouts?

Add a timeouts section to the cluster description, e.g.:

resource "yandex_mdb_postgresql_cluster" "<cluster_name>" {
  ...
  timeouts {
    create = "1h30m" # 1 hour 30 minutes
    update = "2h"    # 2 hours
    delete = "30m"   # 30 minutes
  }
}

Examples

Creating a single-host cluster

CLI

Terraform

To create a single-host cluster, provide one --host argument.

Create a Managed Service for PostgreSQL cluster with the following test specifications:

Name: mypg.
Environment: production.
Network: default.
Security group: enp6saqnq4ie244g67sb.
One s2.micro host in the b0rcctk2rvtr******** subnet and ru-central1-a availability zone.
Network SSD storage (network-ssd): 20 GB.
User: user1, password: user1user1.
Database: db1, owner: user1.
Deletion protection for the the cluster, its databases, and users: Enabled.

Run this command:

yc managed-postgresql cluster create \
   --name mypg \
   --environment production \
   --network-name default \
   --resource-preset s2.micro \
   --host zone-id=ru-central1-a,subnet-id=b0rcctk2rvtr******** \
   --disk-type network-ssd \
   --disk-size 20 \
   --user name=user1,password=user1user1 \
   --database name=db1,owner=user1 \
   --security-group-ids enp6saqnq4ie244g67sb \
   --deletion-protection

Create a Managed Service for PostgreSQL cluster and its network with the following test specifications:

Name: mypg.
Version: 17.
Environment: PRESTABLE.
Cloud ID: b1gq90dgh25bebiu75o.
Folder ID: b1gia87mbaomkfvsleds.
Network: mynet.
Security group allowing internet access to the cluster on port 6432: pgsql-sg.
Host class: s2.micro (one host), subnet: mysubnet, availability zone: ru-central1-a. mysubnet CIDR range: 10.5.0.0/24.
Network SSD storage (network-ssd): 20 GB.
User: user1, password: user1user1.
Database: db1, owner: user1.
Deletion protection for the the cluster, its databases, and users: Enabled.

The configuration file for this cluster looks like this:

resource "yandex_mdb_postgresql_cluster" "mypg" {
  name                = "mypg"
  environment         = "PRESTABLE"
  network_id          = yandex_vpc_network.mynet.id
  security_group_ids  = [ yandex_vpc_security_group.pgsql-sg.id ]
  deletion_protection = true

  config {
    version = 17
    resources {
      resource_preset_id = "s2.micro"
      disk_type_id       = "network-ssd"
      disk_size          = "20"
    }
  }

  host {
    zone      = "ru-central1-a"
    name      = "mypg-host-a"
    subnet_id = yandex_vpc_subnet.mysubnet.id
  }
}

resource "yandex_mdb_postgresql_database" "db1" {
  cluster_id = yandex_mdb_postgresql_cluster.mypg.id
  name       = "db1"
  owner      = "user1"
}

resource "yandex_mdb_postgresql_user" "user1" {
  cluster_id = yandex_mdb_postgresql_cluster.mypg.id
  name       = "user1"
  password   = "user1user1"
}

resource "yandex_vpc_network" "mynet" {
  name = "mynet"
}

resource "yandex_vpc_subnet" "mysubnet" {
  name           = "mysubnet"
  zone           = "ru-central1-a"
  network_id     = yandex_vpc_network.mynet.id
  v4_cidr_blocks = ["10.5.0.0/24"]
}

resource "yandex_vpc_security_group" "pgsql-sg" {
  name       = "pgsql-sg"
  network_id = yandex_vpc_network.mynet.id

  ingress {
    description    = "PostgreSQL"
    port           = 6432
    protocol       = "TCP"
    v4_cidr_blocks = [ "0.0.0.0/0" ]
  }
}

Creating a PostgreSQL cluster

Creating a clusterCreating a cluster

Creating a cluster copyCreating a cluster copy

ExamplesExamples

Creating a single-host clusterCreating a single-host cluster

Was the article helpful?

Creating a cluster

Creating a cluster copy

Examples

Creating a single-host cluster