Connecting to a PostgreSQL cluster from applications
You can connect to a PostgreSQL cluster using command line tools, graphical IDEs, Yandex WebSQL, pgAdmin 4, Looker Studio, or a Docker container. To learn how to connect from your application code, see Code examples.
You can connect to ClickHouse® cluster hosts using SSL certificates. The examples below assume that the root.crt certificate is located in this directory:
/home/<home_directory>/.postgresql/for Ubuntu.$HOME\AppData\Roaming\postgresqlfor Windows
Before connecting, configure security groups for the cluster, if required.
Command line tools
To see code examples with the host FQDN filled in, open the cluster page in the management console and click Connect.
Linux (Bash)
Before connecting, install the required dependencies:
sudo apt update && sudo apt install --yes postgresql-client
-
Connect to a database:
psql "host=c-<cluster_ID>.rw.mdb.yandexcloud.net \ port=6432 \ sslmode=disable \ dbname=<DB_name> \ user=<username> \ target_session_attrs=read-write"After you run this command, enter the user password to complete connecting to the database.
-
To check the connection, run the following query:
SELECT version();
-
Connect to a database:
psql "host=c-<cluster_ID>.rw.mdb.yandexcloud.net \ port=6432 \ sslmode=verify-full \ dbname=<DB_name> \ user=<username> \ target_session_attrs=read-write"After you run this command, enter the user password to complete connecting to the database.
-
To check the connection, run the following query:
SELECT version();
Windows (PowerShell)
Before connecting, install PostgreSQL for Windows using the same version that is installed in the cluster. Install only the Command Line Tools.
-
Set the environment variables for the connection:
$Env:PGSSLMODE="disable"; $Env:PGTARGETSESSIONATTRS="read-write" -
Connect to a database:
& "C:\Program Files\PostgreSQL\<version>\bin\psql.exe" ` --host=c-<cluster_ID>.rw.mdb.yandexcloud.net ` --port=6432 ` --username=<username> ` <DB_name>After you run this command, enter the user password to complete connecting to the database.
-
To check the connection, run the following query:
SELECT version();
-
Set the environment variables for the connection:
$Env:PGSSLMODE="verify-full"; $Env:PGTARGETSESSIONATTRS="read-write" -
Connect to a database:
& "C:\Program Files\PostgreSQL\<version>\bin\psql.exe" ` --host=c-<cluster_ID>.rw.mdb.yandexcloud.net ` --port=6432 ` --username<username> ` <DB_name>After you run this command, enter the user password to complete connecting to the database.
-
To check the connection, run the following query:
SELECT version();
Connecting with IAM authentication
You can connect to a PostgreSQL database via the Yandex Cloud CLI using IAM authentication. This method is available to Yandex accounts, federated accounts, and local users. When connecting with IAM authentication, you do not need to obtain an SSL certificate or specify the cluster hosts’ FQDNs.
Before connecting, install the PostgreSQL client:
sudo apt update && sudo apt install --yes postgresql-client
Set up your PostgreSQL cluster for connection:
- Navigate to the Managed Service for PostgreSQL service.
- Click the cluster name.
- Enable public access for the cluster hosts:
- Select the Hosts tab.
- Click in the first host's row and select Edit.
- Enable Public access.
- Repeat the same for the remaining hosts in the cluster.
- Assign a role to the user account connecting to the database:
- Select the Access bindings tab and click Assign roles.
- Enter the user account’s email.
- Click Add role and select the
managed-postgresql.clusters.connectorrole. - Click Save.
- Create a user named PostgreSQL:
- Select the Users tab.
- Click Create user.
- Select IAM as the authentication method.
- Select the account with the
managed-postgresql.clusters.connectorrole. - In the Database field, click .
- Select the database from the drop-down list.
- Click Save.
To connect to the PostgreSQL database, run this command:
yc managed-postgresql connect <cluster_name_or_ID> --db <DB_name>
Connecting from graphical IDEs
Connections were tested in the following environment:
- Ubuntu 20.04, DBeaver:
22.2.4 - MacOS Monterey 12.7:
- JetBrains DataGrip:
2023.3.4 - DBeaver Community:
24.0.0
- JetBrains DataGrip:
From graphical IDEs, you can only connect to public cluster hosts using an SSL certificate.
To avoid connection errors, save the certificate to a local folder that does not require administrator rights to access.
- Create a data source:
- Select File → New → Data Source → PostgreSQL.
- Specify the connection settings on the General tab:
-
User, Password: Database user name and password.
-
URL: Connection string:
jdbc:postgresql://<special_FQDN>:6432/<DB_name>You can also use a list of all cluster host FQDNs in the connection string:
jdbc:postgresql://<PostgreSQL_host_1>:6432,...,<PostgreSQL_host_N>:6432/<DB_name> -
Click Download to download the connection driver.
-
- On the SSH/SSL tab:
- Enable Use SSL.
- In the CA file field, specify the path to the SSL certificate for your connection.
- Click Test Connection. If the connection is successful, you will see the connection status and information about the DBMS and driver.
- Click OK to save the data source.
- Create a new DB connection:
- In the Database menu, select New connection.
- Select PostgreSQL from the DB list.
- Click Next.
- Specify the connection settings on the Main tab:
- Host: Master FQDN or regular host FQDN.
- Port:
6432. - Database: Target database name.
- Under Authentication, specify the DB user name and password.
- On the SSL tab:
- Enable Use SSL.
- In the Root certificate field, specify the path to the saved SSL certificate file.
- Click Test Connection .... If the connection is successful, you will see the connection status and information about the DBMS and driver.
- Click Done to save the database connection settings.
Connecting from Yandex WebSQL
You can use Yandex WebSQL to send SQL queries to Managed Service for PostgreSQL cluster databases.
WebSQL is a Yandex Cloud service that enables you to connect to managed database clusters, work with databases, tables, and schemas, and run queries. It is a web-based tool that requires no additional authorization and simplifies working with SQL commands by prompting the user.
To connect from WebSQL, activate the WebSQL access option in the cluster settings. You can enable it when creating or updating a cluster.
In the Managed Service for PostgreSQL cluster, a Connection Manager connection is automatically created for each database user, which you can use to connect to the database from WebSQL. If required, you can also create a new connection.
To connect to the database from WebSQL:
-
In the management console, select the folder with the cluster you need.
-
Go to Managed Service for PostgreSQL.
-
Click the cluster name and go to the WebSQL tab.
-
Select the required connection.
The connection will open in WebSQL. To go to the query editor, select the required database.
Check this PostgreSQL reference for supported queries.
Note
You cannot use SQL statements to perform operations requiring superuser privileges.
For more information on how to work with WebSQL, see these guides.
Connecting from pgAdmin 4
Connection testing was performed for pgAdmin 4 version 7.0 on Ubuntu 20.04.
Connections from pgAdmin 4 are only permitted to publicly accessible cluster hosts and require an SSL certificate.
Create a new server connection:
-
Select Object → Register → Server....
-
On the General tab, in the Name field, specify the cluster name to be shown in the pgAdmin 4 interface. You can set any name.
-
In the Connection tab, specify the connection settings:
- Host name/address: Master FQDN or regular host FQDN.
- Port:
6432. - Maintenance database: Target database name.
- Username: Username used to establish the connection.
- Password: User password.
-
In the Parameters tab:
- Set the SSL mode parameter to
verify-full. - Add a new Root certificate parameter and specify the path to the saved SSL certificate file in it.
- Set the SSL mode parameter to
-
Click Save to save the server connection settings.
Your cluster will appear in the server list located in the navigation menu.
Connecting from Looker Studio
Connections from Looker Studio are only permitted to publicly accessible hosts.
-
Save the
CA.pemserver certificate to a local directory. -
In the same directory, generate a client certificate with a private key:
openssl req -newkey rsa:2048 -nodes -keyout private.pem -out cert.pemDuring certificate creation, the program will ask you to modify several settings. Press Enter to keep the default values.
You will see two files in your local directory:
cert.pemandprivate.pem. -
On the Looker Studio navigation page, select Create → Data source.
-
Select PostgreSQL.
-
Fill out the fields as follows:
- Host name or IP address: Master FQDN or regular host FQDN.
- Port:
6432. - Database: DB to connect to.
- Username: Username used to establish the connection.
- Password: User password.
-
Check Enable SSL and Enable client authentication.
-
Specify the certificate files and the client private key in the appropriate fields:
- Server certificate: Select the
CA.pemfile. - Client certificate: Select the
cert.pemfile. - Client private key: Select the
private.pemfile.
- Server certificate: Select the
-
Click Authenticate.
Before you connect from a Docker container
To connect to a Managed Service for PostgreSQL cluster from a Docker container, add the following lines to the Dockerfile:
RUN apt-get update && \
apt-get install postgresql-client --yes
See the Yandex Serverless Containers connection example in this tutorial.
RUN apt-get update && \
apt-get install wget postgresql-client --yes && \
mkdir --parents ~/.postgresql && \
wget "https://storage.yandexcloud.net/cloud-certs/CA.pem" \
--output-document ~/.postgresql/root.crt && \
chmod 0655 ~/.postgresql/root.crt