Contact UsGet started
© 2025 Direct Cursus Technology L.L.C.

Updating PostgreSQL cluster settings

Written by
Updated at November 26, 2025

After creating a cluster, you can:

Note

Changes are only possible on a running cluster.

Learn more about other cluster updates:

Changing the host class

Note

Some PostgreSQL settings depend on the selected host class.

When changing the host class:

  • A single-host cluster becomes unavailable for a few minutes with database connections terminated.
  • A multi-host cluster gets a new master. Each host is stopped and updated one by one, remaining unavailable for a few minutes.
  • Using a special FQDN does not guarantee a stable database connection: user sessions may be terminated.

We recommend changing the host class only when your cluster has no active workload.

  1. Navigate to the folder dashboard and select Managed Service for PostgreSQL.
  2. Select the cluster and click Edit in the top panel.
  3. Under Host class, select the required class for the PostgreSQL hosts.
  4. Click Save changes.

If you do not have the Yandex Cloud CLI installed yet, install and initialize it.

By default, the CLI uses the folder specified when creating the profile. To change the default folder, use the yc config set folder-id <folder_ID> command. You can also set a different folder for any specific command using the --folder-name or --folder-id parameter.

To change the host class for a cluster:

  1. View the description of the CLI command for updating a cluster:

    yc managed-postgresql cluster update --help

  2. Get the list of available host classes (the ZONE IDS column specifies the availability zones where you can select the appropriate class):

    yc managed-postgresql resource-preset list

    +-----------+--------------------------------+-------+----------+
|    ID     |            ZONE IDS            | CORES |  MEMORY  |
+-----------+--------------------------------+-------+----------+
| s1.micro  | ru-central1-a, ru-central1-b,  |     2 | 8.0 GB   |
|           | ru-central1-d                  |       |          |
| ...                                                           |
+-----------+--------------------------------+-------+----------+

  3. Run this command, specifying the host class you need:

    yc managed-postgresql cluster update <cluster_name_or_ID> \
    --resource-preset <host_class_ID>

    Managed Service for PostgreSQL will start updating the host class for your cluster.

  1. Open the current Terraform configuration file describing your infrastructure.

    For information on how to create this file, see Creating a cluster.

    For a complete list of Managed Service for PostgreSQL cluster configuration fields you can update, see this Terraform provider article.

  2. In the Managed Service for PostgreSQL cluster description, change the resource_preset_id attribute value under config.resources:

    resource "yandex_mdb_postgresql_cluster" "<cluster_name>" {
  ...
  config {
    resources {
      resource_preset_id = "<host_class>"
      ...
    }
  }
}

  3. Make sure the settings are correct.

    1. In the command line, navigate to the directory that contains the current Terraform configuration files defining the infrastructure.

    2. Run this command:

      terraform validate

      Terraform will show any errors found in your configuration files.

  4. Confirm updating the resources.

    1. Run this command to view the planned changes:

      terraform plan

      If you described the configuration correctly, the terminal will display a list of the resources to update and their parameters. This is a verification step that does not apply changes to your resources.

    2. If everything looks correct, apply the changes:

      1. Run this command:

        terraform apply

      2. Confirm updating the resources.

      3. Wait for the operation to complete.

    Time limits

    A Terraform provider sets the timeout for Managed Service for PostgreSQL cluster operations:

    • Creating a cluster, including restoring from a backup: 30 minutes.
    • Editing a cluster: 60 minutes.
    • Deleting a cluster: 15 minutes.

    Operations exceeding the set timeout are interrupted.

    How do I change these limits?

    Add the timeouts block to the cluster description, for example:

    resource "yandex_mdb_postgresql_cluster" "<cluster_name>" {
  ...
  timeouts {
    create = "1h30m" # 1 hour 30 minutes
    update = "2h"    # 2 hours
    delete = "30m"   # 30 minutes
  }
}

  1. Get an IAM token for API authentication and save it as an environment variable:

    export IAM_TOKEN="<IAM_token>"

  2. Call the Cluster.Update method, e.g., via the following cURL request:

    Warning

    The API method will assign default values to all the parameters of the object you are modifying unless you explicitly provide them in your request. To avoid this, list the settings you want to change in the updateMask parameter as a single comma-separated string.

    curl \
  --request PATCH \
  --header "Authorization: Bearer $IAM_TOKEN" \
  --header "Content-Type: application/json" \
  --url 'https://mdb.api.cloud.yandex.net/managed-postgresql/v1/clusters/<cluster_ID>' \
  --data '{
            "updateMask": "configSpec.resources.resourcePresetId",
            "configSpec": {
              "resources": {
                "resourcePresetId": "<host_class>"
              }
            }
          }'

    Where:

    • updateMask: Comma-separated list of settings you want to update.

      In this case, only one parameter is provided.

    • configSpec.resources.resourcePresetId: New host class.

    You can request the cluster ID with the list of clusters in the folder.

  3. Check the server response to make sure your request was successful.

  1. Get an IAM token for API authentication and save it as an environment variable:

    export IAM_TOKEN="<IAM_token>"

  2. Clone the cloudapi repository:

    cd ~/ && git clone --depth=1 https://github.com/yandex-cloud/cloudapi

    Below, we assume the repository contents are stored in the ~/cloudapi/ directory.

  3. Use the ClusterService.Update call and send the following request, e.g., via gRPCurl:

    Warning

    The API method will assign default values to all the parameters of the object you are modifying unless you explicitly provide them in your request. To avoid this, list the settings you want to change in the update_mask parameter as an array of paths[] strings.

    Format for listing settings
    "update_mask": {
    "paths": [
        "<setting_1>",
        "<setting_2>",
        ...
        "<setting_N>"
    ]
}

    grpcurl \
  -format json \
  -import-path ~/cloudapi/ \
  -import-path ~/cloudapi/third_party/googleapis/ \
  -proto ~/cloudapi/yandex/cloud/mdb/postgresql/v1/cluster_service.proto \
  -rpc-header "Authorization: Bearer $IAM_TOKEN" \
  -d '{
        "cluster_id": "<cluster_ID>",
        "update_mask": {
          "paths": [
            "config_spec.resources.resource_preset_id"
          ]
        },
        "config_spec": {
          "resources": {
            "resource_preset_id": "<host_class>"
          }
        }
      }' \
  mdb.api.cloud.yandex.net:443 \
  yandex.cloud.mdb.postgresql.v1.ClusterService.Update

    Where:

    • update_mask: List of settings you want to update as an array of strings (paths[]).

      Only one parameter is provided in this case.

    • config_spec.resources.resource_preset_id: New host class.

    You can request the cluster ID with the list of clusters in the folder.

  4. Check the server response to make sure your request was successful.

Changing PostgreSQL settings

You can change the DBMS settings for the hosts in your cluster.

Warning

  1. Navigate to the folder dashboard and select Managed Service for PostgreSQL.
  2. Select the cluster and click Edit in the top panel.
  3. Change the PostgreSQL settings by clicking Settings under DBMS settings.
  4. Click Save.
  5. Click Save changes.

If you do not have the Yandex Cloud CLI installed yet, install and initialize it.

By default, the CLI uses the folder specified when creating the profile. To change the default folder, use the yc config set folder-id <folder_ID> command. You can also set a different folder for any specific command using the --folder-name or --folder-id parameter.

To update the PostgreSQL settings:

  1. View the full list of settings for the cluster:

    yc managed-postgresql cluster get <cluster_name_or_ID> --full

  2. See the description of the CLI command for updating a cluster configuration:

    yc managed-postgresql cluster update-config --help

  3. Set the parameter values as needed:

    All supported parameters are listed in the request format for the update method, in the postgresqlConfig_<PostgreSQL_version> field. To specify a parameter name in the CLI call, convert its name from lowerCamelCase to snake_case. For example, convert the maxPreparedTransactions parameter from an API request to max_prepared_transactions for the CLI command:

    yc managed-postgresql cluster update-config <cluster_name_or_ID> \
   --set <parameter_1_name>=<value_1>,<parameter_2_name>=<value_2>,...

    Managed Service for PostgreSQL will start updating the cluster settings.

  1. Open the current Terraform configuration file describing your infrastructure.

    For information on how to create this file, see Creating a cluster.

    For a complete list of Managed Service for PostgreSQL cluster configuration fields you can update, see this Terraform provider article.

  2. In the Managed Service for PostgreSQL cluster description, change the values of the parameters in config.postgresql_config. If there is no such section, create one.

    resource "yandex_mdb_postgresql_cluster" "<cluster_name>" {
  ...
  config {
    ...
    postgresql_config = {
      max_connections                   = <maximum_number_of_connections>
      enable_parallel_hash              = <true_or_false>
      vacuum_cleanup_index_scale_factor = <number_between_0_and_1>
      ...
    }
  }
}

  3. Make sure the settings are correct.

    1. In the command line, navigate to the directory that contains the current Terraform configuration files defining the infrastructure.

    2. Run this command:

      terraform validate

      Terraform will show any errors found in your configuration files.

  4. Confirm updating the resources.

    1. Run this command to view the planned changes:

      terraform plan

      If you described the configuration correctly, the terminal will display a list of the resources to update and their parameters. This is a verification step that does not apply changes to your resources.

    2. If everything looks correct, apply the changes:

      1. Run this command:

        terraform apply

      2. Confirm updating the resources.

      3. Wait for the operation to complete.

    Time limits

    A Terraform provider sets the timeout for Managed Service for PostgreSQL cluster operations:

    • Creating a cluster, including restoring from a backup: 30 minutes.
    • Editing a cluster: 60 minutes.
    • Deleting a cluster: 15 minutes.

    Operations exceeding the set timeout are interrupted.

    How do I change these limits?

    Add the timeouts block to the cluster description, for example:

    resource "yandex_mdb_postgresql_cluster" "<cluster_name>" {
  ...
  timeouts {
    create = "1h30m" # 1 hour 30 minutes
    update = "2h"    # 2 hours
    delete = "30m"   # 30 minutes
  }
}

  1. Get an IAM token for API authentication and save it as an environment variable:

    export IAM_TOKEN="<IAM_token>"

  2. Call the Cluster.Update method, e.g., via the following cURL request:

    Warning

    The API method will assign default values to all the parameters of the object you are modifying unless you explicitly provide them in your request. To avoid this, list the settings you want to change in the updateMask parameter as a single comma-separated string.

    curl \
  --request PATCH \
  --header "Authorization: Bearer $IAM_TOKEN" \
  --header "Content-Type: application/json" \
  --url 'https://mdb.api.cloud.yandex.net/managed-postgresql/v1/clusters/<cluster_ID>' \
  --data '{
            "updateMask": "configSpec.postgresqlConfig_<PostgreSQL_version>.<setting_1>,...,configSpec.postgresqlConfig_<PostgreSQL_version>.<setting_N>",
            "configSpec": {
              "postgresqlConfig_<PostgreSQL_version>": {
                "<setting_1>": "<value_1>",
                "<setting_2>": "<value_2>",
                ...
                "<setting_N>": "<value_N>"
              }
            }
          }'

    Where:

    • updateMask: Comma-separated list of settings you want to update.

      In this case, list all the PostgreSQL settings to update.

    • configSpec.postgresqlConfig_<PostgreSQL_version>: PostgreSQL settings. Specify each setting on a separate line, separated by commas.

      See the method description for the list of PostgreSQL versions available for this parameter. See Cluster-level settings for descriptions and possible values of the settings.

    You can request the cluster ID with the list of clusters in the folder.

  3. Check the server response to make sure your request was successful.

  1. Get an IAM token for API authentication and save it as an environment variable:

    export IAM_TOKEN="<IAM_token>"

  2. Clone the cloudapi repository:

    cd ~/ && git clone --depth=1 https://github.com/yandex-cloud/cloudapi

    Below, we assume the repository contents are stored in the ~/cloudapi/ directory.

  3. Use the ClusterService.Update call and send the following request, e.g., via gRPCurl:

    Warning

    The API method will assign default values to all the parameters of the object you are modifying unless you explicitly provide them in your request. To avoid this, list the settings you want to change in the update_mask parameter as an array of paths[] strings.

    Format for listing settings
    "update_mask": {
    "paths": [
        "<setting_1>",
        "<setting_2>",
        ...
        "<setting_N>"
    ]
}

    grpcurl \
  -format json \
  -import-path ~/cloudapi/ \
  -import-path ~/cloudapi/third_party/googleapis/ \
  -proto ~/cloudapi/yandex/cloud/mdb/postgresql/v1/cluster_service.proto \
  -rpc-header "Authorization: Bearer $IAM_TOKEN" \
  -d '{
        "cluster_id": "<cluster_ID>",
        "update_mask": {
          "paths": [
            "config_spec.postgresql_config_<PostgreSQL_version>.<setting_1>",
            "config_spec.postgresql_config_<PostgreSQL_version>.<setting_2>",
            ...,
            "config_spec.postgresql_config_<PostgreSQL_version>.<setting_N>"
          ]
        },
        "config_spec": {
          "postgresql_config_<PostgreSQL_version>": {
            "<setting_1>": "<value_1>",
            "<setting_2>": "<value_2>",
            ...
            "<setting_N>": "<value_N>"
          }
        }
      }' \
  mdb.api.cloud.yandex.net:443 \
  yandex.cloud.mdb.postgresql.v1.ClusterService.Update

    Where:

    • update_mask: List of settings you want to update as an array of strings (paths[]).

      In this case, list all the PostgreSQL settings to update.

    • config_spec.postgresql_config_<PostgreSQL_version>: PostgreSQL settings. Specify each setting on a separate line, separated by commas.

      See the method description for the list of PostgreSQL versions available for this parameter. See Cluster-level settings for descriptions and possible values of the settings.

    You can request the cluster ID with the list of clusters in the folder.

  4. Check the server response to make sure your request was successful.

Changing additional cluster settings

Warning

Changing additional settings will cause the cluster to restart. The exceptions are the maintenance window settings and deletion protection settings.

  1. Navigate to the folder dashboard and select Managed Service for PostgreSQL.

  2. Select the cluster and click Edit in the top panel.

  3. Change additional cluster settings:

    • Backup start time (UTC): Time interval during which the cluster backup starts. Time is specified in 24-hour UTC format. The default time is 22:00 - 23:00 UTC.

    • Retention period for automatic backups, days: Retention period for automatic backups. Backups are automatically deleted once their retention period expires. The default is 7 days. For more information, see Backups.

      Changing the retention period affects both new and existing automatic backups. For example, the initial retention period was 7 days. A specific automatic backup has 1 day of remaining lifetime. If you increase the retention period to 9 days, that backup’s remaining lifetime becomes 3 days.

      Automatic cluster backups are stored for a specified number of days, while manually created ones are stored indefinitely. After a cluster is deleted, all its backups are retained for 7 days.

    • Maintenance window: Maintenance window settings:

      • To enable maintenance at any time, select arbitrary (default).
      • To specify the preferred maintenance start time, select by schedule and specify the desired day of the week and UTC hour. For example, you can choose a time when the cluster is least loaded.

      Maintenance operations are carried out both on enabled and disabled clusters. They may include updating the DBMS, applying patches, and so on.

    • DataLens access: Enables you to analyze cluster data in Yandex DataLens.

    • WebSQL access: Enables you to run SQL queries against cluster databases from the Yandex Cloud management console using Yandex WebSQL.

    • Yandex Query access: Enables you to run YQL queries against cluster databases from Yandex Query.

    • Serverless access: Enables cluster access from Yandex Cloud Functions. For more details on configuring access, see this Cloud Functions article.

    • Statistics sampling: Enables you to use the Performance diagnostics tool in a cluster. When enabling this option, also configure Sessions sampling interval and Statements sampling interval using the sliders. Both settings are measured in seconds.

    • Autofailover: If this option is enabled, the system will automatically update the replication source for all replica hosts to point to the new master host when the master changes. To learn more, see Replication.

      If the master host is deleted, a new master will be elected automatically, regardless of this setting.

      Alert

      If the Autofailover option is disabled, you must manually initiate an election for a new master or assign this role to a replica if the master host fails.

    • Pooling mode: Select one of the connection pooler modes.

    • Deletion protection: Deletion protection for the cluster, its databases, and users.

      By default, when users and databases are created, this setting’s value is inherited from the cluster. You can also specify this setting manually. See User management and Database management for details.

      If the setting is changed on a running cluster, the new value will only be inherited by users and databases with the Same as cluster protection level.

      Even with deletion protection enabled, one can still connect to the cluster manually and delete the data.

If you do not have the Yandex Cloud CLI installed yet, install and initialize it.

By default, the CLI uses the folder specified when creating the profile. To change the default folder, use the yc config set folder-id <folder_ID> command. You can also set a different folder for any specific command using the --folder-name or --folder-id parameter.

To change additional cluster settings:

  1. View the description of the CLI command for updating a cluster:

    yc managed-postgresql cluster update --help

  2. Run the following command with the list of settings to update:

    yc managed-postgresql cluster update <cluster_name_or_ID> \
    --backup-window-start <backup_start_time> \
    --backup-retain-period-days=<automatic_backup_retention_period_in_days> \
    --datalens-access=<allow_access_from_DataLens> \
    --maintenance-window type=<maintenance_type>,`
                        `day=<day_of_week>,`
                        `hour=<hour> \
    --websql-access=<allow_access_from_WebSQL> \
    --deletion-protection \
    --connection-pooling-mode=<connection_pooler_mode> \
    --serverless-access=<allow_access_from_Serverless_Containers> \
    --yandexquery-access=<allow_access_from_Yandex_Query> \
    --performance-diagnostics enabled=<enable_statistics_collection>,`
                             `sessions-sampling-interval=<session_sampling_interval>,`
                             `statements-sampling-interval=<statement_sampling_interval>

You can update the following settings:

  • --backup-window-start: The cluster backup start time, set in UTC format HH:MM:SS. If the time is not set, the backup will start at 22:00 UTC.

  • --backup-retain-period-days: Automatic backup retention period in days.

  • --datalens-access: Enables access from DataLens. The default value is false. For more information on setting up a connection, see Connecting to a cluster from DataLens.

  • --maintenance-window: Maintenance window settings (including for disabled clusters), where type is the maintenance type:

    • anytime: At any time (default).
    • weekly: On a schedule. For this value, also specify the following:
      • day: Day of week, i.e., MON, TUE, WED, THU, FRI, SAT, or SUN.
      • hour: Hour of day (UTC), from 1 to 24.

  • --websql-access: Enables SQL queries against cluster databases from the Yandex Cloud management console using Yandex WebSQL. The default value is false.

  • --serverless-access: Enables cluster access from Yandex Cloud Functions. The default value is false. For more details on configuring access, see this Cloud Functions article.

  • --yandexquery-access: Enables cluster access from Yandex Query. This feature is at the Preview stage and provided upon request.

  • --autofailover: Manages automatic master change setup. To learn more, see Replication. The default value is true.

  • --connection-pooling-mode: Specifies the connection pooler mode (SESSION, TRANSACTION, or STATEMENT).

  • --deletion-protection: Deletion ptotection for the cluster, its databases, and users.

    By default, when users and databases are created, this setting’s value is inherited from the cluster. You can also specify this setting manually. See User management and Database management for details.

    If the setting is changed on a running cluster, the new value will only be inherited by users and databases with the Same as cluster protection level.

    Even with deletion protection enabled, one can still connect to the cluster manually and delete the data.

  • --performance-diagnostics: Statistics collection settings:

    • enabled: If true, enables collecting statistics. The default value is false.
    • sessions-sampling-interval: Session sampling interval, seconds. The values range from 1 to 86400.
    • statements-sampling-interval: Statement sampling interval, seconds. The values range from 60 to 86400.

You can get the cluster name with the list of clusters in the folder.

  1. Open the current Terraform configuration file describing your infrastructure.

    For information on how to create this file, see Creating a cluster.

    For a complete list of Managed Service for PostgreSQL cluster configuration fields you can update, see this Terraform provider article.

  2. To change the backup start time, add the config.backup_window_start section to the Managed Service for PostgreSQL cluster description:

    resource "yandex_mdb_postgresql_cluster" "<cluster_name>" {
  ...
  config {
    backup_window_start {
      hours   = <backup_start_hour>
      minutes = <backup_start_minute>
    }
    ...
  }
}

  3. To enable access from Yandex DataLens and allow SQL queries from the management console using Yandex WebSQL, edit relevant fields in the config.access section:

    resource "yandex_mdb_postgresql_cluster" "<cluster_name>" {
  ...
  config {
    access {
      data_lens = <allow_access_from_DataLens>
      web_sql   = <allow_access_from_WebSQL>
      ...
  }
  ...
}

    Where:

    • data_lens: Access from DataLens, true or false.
    • web_sql: Execution of SQL queries from the management console using Yandex WebSQL (true or false).

  4. To change the connection pooler mode, add a config.pooler_config block to the Managed Service for PostgreSQL cluster description:

    resource "yandex_mdb_postgresql_cluster" "<cluster_name>" {
  ...
  config {
    pooler_config {
      pool_discard = <clear_client_states_after_each_transaction>
      pooling_mode = "<operation_mode>"
    }
    ...
  }
}

    Where:

    • pool_discard: Defines whether clients should discard their state after each transaction, true or false.
    • pooling_mode: Operation mode, SESSION, TRANSACTION, or STATEMENT.

  5. To set up the maintenance window (for disabled clusters as well), add the maintenance_window section to the cluster description:

    resource "yandex_mdb_postgresql_cluster" "<cluster_name>" {
  ...
  maintenance_window {
    type = <maintenance_type>
    day  = <day_of_week>
    hour = <hour>
  }
  ...
}

    Where:

    • type: Maintenance type. The possible values include:
      • ANYTIME: Anytime
      • WEEKLY: On a schedule
    • day: Day of week for the WEEKLY type, i.e., MON, TUE, WED, THU, FRI, SAT, or SUN.
    • hour: UTC hour for the WEEKLY type, from 1 to 24.

  6. To set up statistics collection, to the config section, add the performance_diagnostics section:

    resource "yandex_mdb_postgresql_cluster" "<cluster_name>" {
  ...
  config {
    ...
    performance_diagnostics {
      enabled = <enables statistics collection: true or false>
      sessions_sampling_interval  = <sessions sampling interval>
      statements_sampling_interval = <statements sampling interval>
    }
    ...
  }
  ...
}

    Where:

    • enabled: Enable statistics collection, true or false.
    • sessions_sampling_interval: Session sampling interval, from 1 to 86400 seconds.
    • statements_sampling_interval: Statement sampling interval, from 60 to 86400 seconds.

  7. To enable protection of the cluster, its databases, and users against accidental deletion, add the deletion_protection field set to true to your cluster description:

    resource "yandex_mdb_postgresql_cluster" "<cluster_name>" {
  ...
  deletion_protection = <protect_cluster_from_deletion>
}

    deletion_protection: Protection of the cluster, its databases, and users against deletion (true or false).

    By default, when users and databases are created, this setting’s value is inherited from the cluster. You can also specify this setting manually. See User management and Database management for details.

    If the setting is changed on a running cluster, the new value will only be inherited by users and databases with the Same as cluster protection level.

    Even with deletion protection enabled, one can still connect to the cluster manually and delete the data.

  8. Make sure the settings are correct.

    1. In the command line, navigate to the directory that contains the current Terraform configuration files defining the infrastructure.

    2. Run this command:

      terraform validate

      Terraform will show any errors found in your configuration files.

  9. Confirm updating the resources.

    1. Run this command to view the planned changes:

      terraform plan

      If you described the configuration correctly, the terminal will display a list of the resources to update and their parameters. This is a verification step that does not apply changes to your resources.

    2. If everything looks correct, apply the changes:

      1. Run this command:

        terraform apply

      2. Confirm updating the resources.

      3. Wait for the operation to complete.

    Time limits

    A Terraform provider sets the timeout for Managed Service for PostgreSQL cluster operations:

    • Creating a cluster, including restoring from a backup: 30 minutes.
    • Editing a cluster: 60 minutes.
    • Deleting a cluster: 15 minutes.

    Operations exceeding the set timeout are interrupted.

    How do I change these limits?

    Add the timeouts block to the cluster description, for example:

    resource "yandex_mdb_postgresql_cluster" "<cluster_name>" {
  ...
  timeouts {
    create = "1h30m" # 1 hour 30 minutes
    update = "2h"    # 2 hours
    delete = "30m"   # 30 minutes
  }
}

  1. Get an IAM token for API authentication and set it as an environment variable:

    export IAM_TOKEN="<IAM_token>"

  2. Create a file named body.json and paste the following code into it:

    Warning

    The API method will assign default values to all the parameters of the object you are modifying unless you explicitly provide them in your request. To avoid this, list the settings you want to change in the updateMask parameter as a single comma-separated string.

    {
  "updateMask": "configSpec.poolerConfig,configSpec.backupWindowStart,configSpec.backupRetainPeriodDays,configSpec.access,configSpec.performanceDiagnostics.sessionsSamplingInterval,configSpec.performanceDiagnostics.statementsSamplingInterval,maintenanceWindow,deletionProtection",
  "configSpec": {
    "poolerConfig": {
      "poolingMode": "<connection_pooling_mode>",
      "poolDiscard": <clear_client_states_after_each_transaction>
    },
    "backupWindowStart": {
      "hours": "<hours>",
      "minutes": "<minutes>",
      "seconds": "<seconds>",
      "nanos": "<nanoseconds>"
    },
    "backupRetainPeriodDays": "<number_of_days>",
    "access": {
      "dataLens": <allow_access_from_DataLens>,
      "webSql": <allow_access_from_WebSQL>,
      "serverless": <allow_access_from_Cloud_Functions>,
      "dataTransfer": <allow_access_from_Data_Transfer>,
      "yandexQuery": <allow_access_from_Query>
    },
    "performanceDiagnostics": {
      "enabled": <enable_statistics_collection>,
      "sessionsSamplingInterval": "<session_sampling_interval>",
      "statementsSamplingInterval": "<statement_sampling_interval>"
    }
  },
  "maintenanceWindow": {
    "weeklyMaintenanceWindow": {
      "day": "<day_of_week>",
      "hour": "<hour>"
    }
  },
  "deletionProtection": <protect_cluster_from_deletion>
}

    Where:

    • updateMask: Comma-separated list of settings you want to update.

    • configSpec: Cluster settings:

      • poolerConfig: Connection pooler settings:

        • poolingMode: Connection pooler's operation mode. Possible values: SESSION, TRANSACTION, and STATEMENT. For more information on each of the modes, see Managing PostgreSQL connections.
        • poolDiscard: Defines whether clients should discard their state after each transaction, true or false. Similar to the server_reset_query_always for the PgBouncer connection pooler.

      • backupWindowStart: Backup window settings.

        Specify backup start time in this parameter. Allowed values:

        • hours: Between 0 and 23 hours.
        • minutes: Between 0 and 59 minutes.
        • seconds: Between 0 and 59 seconds.
        • nanos: Between 0 and 999999999 nanoseconds.

      • backupRetainPeriodDays: Number of days to retain the cluster backup. Possible values: between 7 and 60 days.

      • access: Cluster settings for access to the following Yandex Cloud services:

        The possible setting values are true or false.

      • performanceDiagnostics: Statistics collection settings:

        • enabled: Enables statistics collection, true or false.
        • sessionsSamplingInterval: Session sampling interval. The values range from 1 to 86400 seconds.
        • statementsSamplingInterval: Statement sampling interval. The values range from 60 to 86400 seconds.

    • maintenanceWindow: Maintenance window settings (including for disabled clusters). In maintenanceWindow, provide one of the two parameters:

      • anytime: Maintenance can take place at any time.

      • weeklyMaintenanceWindow: Maintenance takes place once a week at the specified time:

        • day: Day of week, in DDD format.
        • hour: Hour, in HH format. The values range from 1 to 24 hours.

    • deletionProtection: Protection of the cluster, its databases, and users against deletion, true or false value.

      By default, when users and databases are created, this setting’s value is inherited from the cluster. You can also specify this setting manually. See User management and Database management for details.

      If the setting is changed on a running cluster, the new value will only be inherited by users and databases with the Same as cluster protection level.

      Even with deletion protection enabled, one can still connect to the cluster manually and delete the data.

    You can request the cluster ID with the list of clusters in the folder.

  3. Call the Cluster.Update method, e.g., via the following cURL request:

    curl \
  --request PATCH \
  --header "Authorization: Bearer $IAM_TOKEN" \
  --header "Content-Type: application/json" \
  --url 'https://mdb.api.cloud.yandex.net/managed-postgresql/v1/clusters/<cluster_ID>' \
  --data "@body.json"

  4. Check the server response to make sure your request was successful.

  1. Get an IAM token for API authentication and save it as an environment variable:

    export IAM_TOKEN="<IAM_token>"

  2. Clone the cloudapi repository:

    cd ~/ && git clone --depth=1 https://github.com/yandex-cloud/cloudapi

    Below, we assume the repository contents are stored in the ~/cloudapi/ directory.

  3. Create a file named body.json and paste the following code into it:

    Warning

    The API method will assign default values to all the parameters of the object you are modifying unless you explicitly provide them in your request. To avoid this, list the settings you want to change in the update_mask parameter as an array of paths[] strings.

    Format for listing settings
    "update_mask": {
    "paths": [
        "<setting_1>",
        "<setting_2>",
        ...
        "<setting_N>"
    ]
}

    {
  "cluster_id": "<cluster_ID>",
  "update_mask": {
    "paths": [
      "config_spec.pooler_config",
      "config_spec.backup_window_start",
      "config_spec.backup_retain_period_days",
      "config_spec.access",
      "config_spec.performance_diagnostics.sessions_sampling_interval",
      "config_spec.performance_diagnostics.statements_sampling_interval",
      "maintenance_window",
      "deletion_protection"
    ]
  },
  "config_spec": {
    "pooler_config": {
      "pooling_mode": "<connection_pooling_mode>",
      "pool_discard": <clear_client_states_after_each_transaction>
    },
    "backup_window_start": {
      "hours": "<hours>",
      "minutes": "<minutes>",
      "seconds": "<seconds>",
      "nanos": "<nanoseconds>"
    },
    "backup_retain_period_days": "<number_of_days>",
    "access": {
      "data_lens": <allow_access_from_DataLens>,
      "web_sql": <allow_access_from_WebSQL>,
      "serverless": <allow_access_from_Cloud_Functions>,
      "data_transfer": <allow_access_from_Data_Transfer>,
      "yandex_query": <allow_access_from_Query>
    },
    "performance_diagnostics": {
      "enabled": <enable_statistics_collection>,
      "sessions_sampling_interval": "<session_sampling_interval>",
      "statements_sampling_interval": "<statement_sampling_interval>"
    }
  },
  "maintenance_window": {
    "weekly_maintenance_window": {
      "day": "<day_of_week>",
      "hour": "<hour>"
    }
  },
  "deletion_protection": <protect_cluster_from_deletion>
}

    Where:

    • update_mask: List of settings you want to update as an array of strings (paths[]).

    • config_spec: Cluster settings:

      • pooler_config: Connection pooler settings:

        • pooling_mode: Connection pooler's operation mode. Possible values: SESSION, TRANSACTION, and STATEMENT. For more information on each of the modes, see Managing PostgreSQL connections.
        • pool_discard: Defines whether clients should discard their state after each transaction, true or false. Similar to the server_reset_query_always for the PgBouncer connection pooler.

      • backup_window_start: Backup window settings.

        In this setting, specify the backup start time. Allowed values:

        • hours: Between 0 and 23 hours.
        • minutes: Between 0 and 59 minutes.
        • seconds: Between 0 and 59 seconds.
        • nanos: Between 0 and 999999999 nanoseconds.

      • backup_retain_period_days: Number of days to retain the cluster backup. Possible values: between 7 and 60 days.

      • access: Cluster settings for access to the following Yandex Cloud services:

        The possible setting values are true or false.

      • performance_diagnostics: Statistics collection settings:

        • enabled: Enables statistics collection, true or false.
        • sessions_sampling_interval: Session sampling interval. The values range from 1 to 86400 seconds.
        • statements_sampling_interval: Statement sampling interval. The values range from 60 to 86400 seconds.

    • maintenance_window: Maintenance window settings (including for disabled clusters). In maintenance_window, provide one of the two parameters:

      • anytime: Maintenance can take place at any time.

      • weekly_maintenance_window: Maintenance takes place once a week at the specified time:

        • day: Day of week, in DDD format.
        • hour: Hour, in HH format. The values range from 1 to 24 hours.

    • deletion_protection: Protection of the cluster, its databases, and users against deletion, true or false value.

      By default, when users and databases are created, this setting’s value is inherited from the cluster. You can also specify this setting manually. See User management and Database management for details.

      If the setting is changed on a running cluster, the new value will only be inherited by users and databases with the Same as cluster protection level.

      Even with deletion protection enabled, one can still connect to the cluster manually and delete the data.

    You can request the cluster ID with the list of clusters in the folder.

  4. Use the ClusterService.Update call and send the following request, e.g., via gRPCurl:

    grpcurl \
  -format json \
  -import-path ~/cloudapi/ \
  -import-path ~/cloudapi/third_party/googleapis/ \
  -proto ~/cloudapi/yandex/cloud/mdb/postgresql/v1/cluster_service.proto \
  -rpc-header "Authorization: Bearer $IAM_TOKEN" \
  -d @ \
  mdb.api.cloud.yandex.net:443 \
  yandex.cloud.mdb.postgresql.v1.ClusterService.Update \
  < body.json

  5. Check the server response to make sure your request was successful.

Connection Manager

If you cluster has no integration with Connection Manager, enable Use Connection Manager. You can only do this in the management console.

The following resources will be created for each database user:

The connection and secret will be created for each new database user. To view all connections, open the Connections tab on the cluster page.

You need the connection-manager.viewer role to view connection info. You can use Connection Manager to configure access to connections.

Note

You can use Connection Manager and secrets you create with it free of charge.

Manually switching the master host

In a fault-tolerant Managed Service for PostgreSQL cluster with multiple hosts, you can switch the master role from the current master host to one of the replicas. Once you switch the role, the current master host becomes a replica host for the new master.

Specifics of switching master hosts in Managed Service for PostgreSQL

  • You cannot switch the master host to a replica for which the source of the replication stream is explicitly given.
  • If you do not specify the replica host name explicitly, the master host will switch to one of the quorum replicas.

To learn more, see Replication.

To switch the master:

  1. Navigate to the folder dashboard and select Managed Service for PostgreSQL.
  2. Click the name of your cluster and open the Hosts tab.
  3. Click Switch master.
    • To switch the master to one of the quorum replicas, leave the Choose master host automatically option enabled.
    • To switch the master to a specific replica, disable the Choose master host automatically option and then select the replica from the drop-down list.
  4. Click Switch.

If you do not have the Yandex Cloud CLI installed yet, install and initialize it.

By default, the CLI uses the folder specified when creating the profile. To change the default folder, use the yc config set folder-id <folder_ID> command. You can also set a different folder for any specific command using the --folder-name or --folder-id parameter.

Run this command:

yc managed-postgresql cluster start-failover <cluster_name_or_ID> \
    --host <replica_host_name>

You can request the replica host name with the list of cluster hosts and the cluster name with the list of clusters in the folder.

  1. Open the current Terraform configuration file describing your infrastructure.

    For information on how to create this file, see Creating a cluster.

    For a complete list of Managed Service for PostgreSQL cluster configuration fields you can update, see this Terraform provider article.

  2. In the host_master_name parameter, specify the name of the replica host to switch to.

    resource "yandex_mdb_postgresql_cluster" "<cluster_name>" {
  ...
  host_master_name = "<replica_host_name>"
}

    Where host_master_name is the name of the replica host, i.e., the name attribute of the appropriate host section.

  3. Make sure the settings are correct.

    1. In the command line, navigate to the directory that contains the current Terraform configuration files defining the infrastructure.

    2. Run this command:

      terraform validate

      Terraform will show any errors found in your configuration files.

  4. Confirm updating the resources.

    1. Run this command to view the planned changes:

      terraform plan

      If you described the configuration correctly, the terminal will display a list of the resources to update and their parameters. This is a verification step that does not apply changes to your resources.

    2. If everything looks correct, apply the changes:

      1. Run this command:

        terraform apply

      2. Confirm updating the resources.

      3. Wait for the operation to complete.

    Time limits

    A Terraform provider sets the timeout for Managed Service for PostgreSQL cluster operations:

    • Creating a cluster, including restoring from a backup: 30 minutes.
    • Editing a cluster: 60 minutes.
    • Deleting a cluster: 15 minutes.

    Operations exceeding the set timeout are interrupted.

    How do I change these limits?

    Add the timeouts block to the cluster description, for example:

    resource "yandex_mdb_postgresql_cluster" "<cluster_name>" {
  ...
  timeouts {
    create = "1h30m" # 1 hour 30 minutes
    update = "2h"    # 2 hours
    delete = "30m"   # 30 minutes
  }
}

  1. Get an IAM token for API authentication and set it as an environment variable:

    export IAM_TOKEN="<IAM_token>"

  2. Call the Cluster.StartFailover method, e.g., via the following cURL request:

    curl \
  --request POST \
  --header "Authorization: Bearer $IAM_TOKEN" \
  --header "Content-Type: application/json" \
  --url 'https://mdb.api.cloud.yandex.net/managed-postgresql/v1/clusters/<cluster_ID>:startFailover' \
  --data '{
            "hostName": "<host_FQDN>"
          }'

    Where hostName is the FQDN of the replica which becomes the master host.

    You can request the cluster ID with the list of clusters in the folder.

  3. Check the server response to make sure your request was successful.

  1. Get an IAM token for API authentication and set it as an environment variable:

    export IAM_TOKEN="<IAM_token>"

  2. Clone the cloudapi repository:

    cd ~/ && git clone --depth=1 https://github.com/yandex-cloud/cloudapi

    Below, we assume the repository contents are stored in the ~/cloudapi/ directory.

  3. Use the ClusterService.StartFailover call and send the following request, e.g., via gRPCurl:

    grpcurl \
  -format json \
  -import-path ~/cloudapi/ \
  -import-path ~/cloudapi/third_party/googleapis/ \
  -proto ~/cloudapi/yandex/cloud/mdb/postgresql/v1/cluster_service.proto \
  -rpc-header "Authorization: Bearer $IAM_TOKEN" \
  -d '{
        "cluster_id": "<cluster_ID>",
        "host_name": "<host_FQDN>"
      }' \
  mdb.api.cloud.yandex.net:443 \
  yandex.cloud.mdb.postgresql.v1.ClusterService.StartFailover

    Where host_name is the FQDN of the replica which becomes the master host.

    You can request the cluster ID with the list of clusters in the folder.

  4. Check the server response to make sure your request was successful.

Moving a cluster

  1. Navigate to the folder dashboard and select Managed Service for PostgreSQL.
  2. Click to the right of the cluster you want to move.
  3. Select Move.
  4. Select the destination folder for your cluster.
  5. Click Move.

If you do not have the Yandex Cloud CLI installed yet, install and initialize it.

By default, the CLI uses the folder specified when creating the profile. To change the default folder, use the yc config set folder-id <folder_ID> command. You can also set a different folder for any specific command using the --folder-name or --folder-id parameter.

To move a cluster:

  1. See the description of the CLI command for moving a cluster:

    yc managed-postgresql cluster move --help

  2. Run this command, specifying the destination folder:

    yc managed-postgresql cluster move <cluster_ID> \
   --destination-folder-name=<destination_folder_name>

    You can get the cluster ID with the list of clusters in the folder.

  1. Open the current Terraform configuration file describing your infrastructure.

    For information on how to create this file, see Creating a cluster.

  2. In the Managed Service for PostgreSQL cluster description, edit or add the folder_id parameter value:

    resource "yandex_mdb_postgresql_cluster" "<cluster_name>" {
  ...
  folder_id = "<destination_folder_ID>"
}

  3. Make sure the settings are correct.

    1. In the command line, navigate to the directory that contains the current Terraform configuration files defining the infrastructure.

    2. Run this command:

      terraform validate

      Terraform will show any errors found in your configuration files.

  4. Confirm updating the resources.

    1. Run this command to view the planned changes:

      terraform plan

      If you described the configuration correctly, the terminal will display a list of the resources to update and their parameters. This is a verification step that does not apply changes to your resources.

    2. If everything looks correct, apply the changes:

      1. Run this command:

        terraform apply

      2. Confirm updating the resources.

      3. Wait for the operation to complete.

For more information, see this Terraform provider guide.

Time limits

A Terraform provider sets the timeout for Managed Service for PostgreSQL cluster operations:

  • Creating a cluster, including restoring from a backup: 30 minutes.
  • Editing a cluster: 60 minutes.
  • Deleting a cluster: 15 minutes.

Operations exceeding the set timeout are interrupted.

How do I change these limits?

Add the timeouts block to the cluster description, for example:

resource "yandex_mdb_postgresql_cluster" "<cluster_name>" {
  ...
  timeouts {
    create = "1h30m" # 1 hour 30 minutes
    update = "2h"    # 2 hours
    delete = "30m"   # 30 minutes
  }
}

  1. Get an IAM token for API authentication and set it as an environment variable:

    export IAM_TOKEN="<IAM_token>"

  2. Call the Cluster.Move method, e.g., via the following cURL request:

    curl \
  --request POST \
  --header "Authorization: Bearer $IAM_TOKEN" \
  --header "Content-Type: application/json" \
  --url 'https://mdb.api.cloud.yandex.net/managed-postgresql/v1/clusters/<cluster_ID>:move' \
  --data '{
            "destinationFolderId": "<folder_ID>"
          }'

    Where destinationFolderId is the ID of the folder to which you are moving your cluster. You can get this ID with the list of folders in the cloud.

    You can request the cluster ID with the list of clusters in the folder.

  3. Check the server response to make sure your request was successful.

  1. Get an IAM token for API authentication and set it as an environment variable:

    export IAM_TOKEN="<IAM_token>"

  2. Clone the cloudapi repository:

    cd ~/ && git clone --depth=1 https://github.com/yandex-cloud/cloudapi

    Below, we assume the repository contents are stored in the ~/cloudapi/ directory.

  3. Use the ClusterService.Move call and send the following request, e.g., via gRPCurl:

    grpcurl \
  -format json \
  -import-path ~/cloudapi/ \
  -import-path ~/cloudapi/third_party/googleapis/ \
  -proto ~/cloudapi/yandex/cloud/mdb/postgresql/v1/cluster_service.proto \
  -rpc-header "Authorization: Bearer $IAM_TOKEN" \
  -d '{
        "cluster_id": "<cluster_ID>",
        "destination_folder_id": "<folder_ID>"
      }' \
  mdb.api.cloud.yandex.net:443 \
  yandex.cloud.mdb.postgresql.v1.ClusterService.Move

    Where destination_folder_id is the ID of the folder you want to move your cluster to. You can get this ID with the list of folders in the cloud.

    You can request the cluster ID with the list of clusters in the folder.

  4. Check the server response to make sure your request was successful.

After the cluster is moved, it will continue using the cloud network from the source folder. If you want to host the cluster in a different cloud network, use the restore from a backup feature and specify the required network for the cluster backup.

To move a cluster to a different availability zone, follow this guide. You will thus move the cluster hosts.

Editing security groups

  1. Navigate to the folder dashboard and select Managed Service for PostgreSQL.
  2. Select the cluster and click Edit in the top panel.
  3. Under Network settings, select security groups for cluster network traffic.

If you do not have the Yandex Cloud CLI installed yet, install and initialize it.

By default, the CLI uses the folder specified when creating the profile. To change the default folder, use the yc config set folder-id <folder_ID> command. You can also set a different folder for any specific command using the --folder-name or --folder-id parameter.

To edit the list of security groups for your cluster:

  1. View the description of the CLI command for updating a cluster:

    yc managed-postgresql cluster update --help

  2. Run this command, specifying the security groups:

    yc managed-postgresql cluster update <cluster_name_or_ID> \
    --security-group-ids <list_of_security_group_IDs>

  1. Open the current Terraform configuration file describing your infrastructure.

    For information on how to create this file, see Creating a cluster.

    For a complete list of Managed Service for PostgreSQL cluster configuration fields you can update, see this Terraform provider article.

  2. Edit the security_group_ids value in the cluster description:

    resource "yandex_mdb_postgresql_cluster" "<cluster_name>" {
  ...
  security_group_ids = [ <list_of_security_group_IDs> ]
}

  3. Make sure the settings are correct.

    1. In the command line, navigate to the directory that contains the current Terraform configuration files defining the infrastructure.

    2. Run this command:

      terraform validate

      Terraform will show any errors found in your configuration files.

  4. Confirm updating the resources.

    1. Run this command to view the planned changes:

      terraform plan

      If you described the configuration correctly, the terminal will display a list of the resources to update and their parameters. This is a verification step that does not apply changes to your resources.

    2. If everything looks correct, apply the changes:

      1. Run this command:

        terraform apply

      2. Confirm updating the resources.

      3. Wait for the operation to complete.

    Time limits

    A Terraform provider sets the timeout for Managed Service for PostgreSQL cluster operations:

    • Creating a cluster, including restoring from a backup: 30 minutes.
    • Editing a cluster: 60 minutes.
    • Deleting a cluster: 15 minutes.

    Operations exceeding the set timeout are interrupted.

    How do I change these limits?

    Add the timeouts block to the cluster description, for example:

    resource "yandex_mdb_postgresql_cluster" "<cluster_name>" {
  ...
  timeouts {
    create = "1h30m" # 1 hour 30 minutes
    update = "2h"    # 2 hours
    delete = "30m"   # 30 minutes
  }
}

  1. Get an IAM token for API authentication and save it as an environment variable:

    export IAM_TOKEN="<IAM_token>"

  2. Call the Cluster.Update method, e.g., via the following cURL request:

    Warning

    The API method will assign default values to all the parameters of the object you are modifying unless you explicitly provide them in your request. To avoid this, list the settings you want to change in the updateMask parameter as a single comma-separated string.

    curl \
  --request PATCH \
  --header "Authorization: Bearer $IAM_TOKEN" \
  --header "Content-Type: application/json" \
  --url 'https://mdb.api.cloud.yandex.net/managed-postgresql/v1/clusters/<cluster_ID>' \
  --data '{
            "updateMask": "securityGroupIds",
            "securityGroupIds": [
              "<security_group_1_ID>",
              "<security_group_2_ID>",
              ...
              "<security_group_N_ID>"
            ]
          }'

    Where:

    • updateMask: Comma-separated list of settings you want to update.

      Here, we provide only one setting.

    • securityGroupIds: New list of security groups provided as array elements.

    You can request the cluster ID with the list of clusters in the folder.

  3. Check the server response to make sure your request was successful.

  1. Get an IAM token for API authentication and save it as an environment variable:

    export IAM_TOKEN="<IAM_token>"

  2. Clone the cloudapi repository:

    cd ~/ && git clone --depth=1 https://github.com/yandex-cloud/cloudapi

    Below, we assume the repository contents are stored in the ~/cloudapi/ directory.

  3. Use the ClusterService.Update call and send the following request, e.g., via gRPCurl:

    Warning

    The API method will assign default values to all the parameters of the object you are modifying unless you explicitly provide them in your request. To avoid this, list the settings you want to change in the update_mask parameter as an array of paths[] strings.

    Format for listing settings
    "update_mask": {
    "paths": [
        "<setting_1>",
        "<setting_2>",
        ...
        "<setting_N>"
    ]
}

    grpcurl \
  -format json \
  -import-path ~/cloudapi/ \
  -import-path ~/cloudapi/third_party/googleapis/ \
  -proto ~/cloudapi/yandex/cloud/mdb/postgresql/v1/cluster_service.proto \
  -rpc-header "Authorization: Bearer $IAM_TOKEN" \
  -d '{
        "cluster_id": "<cluster_ID>",
        "update_mask": {
          "paths": [
            "security_group_ids"
          ]
        },
        "security_group_ids": [
          "<security_group_1_ID>",
          "<security_group_2_ID>",
          ...
          "<security_group_N_ID>"
        ]
      }' \
  mdb.api.cloud.yandex.net:443 \
  yandex.cloud.mdb.postgresql.v1.ClusterService.Update

    Where:

    • update_mask: List of settings you want to update as an array of strings (paths[]).

      Here, we provide only one setting.

    • security_group_ids: New list of security groups provided as array elements.

    You can request the cluster ID with the list of clusters in the folder.

  4. Check the server response to make sure your request was successful.

Warning

You may need to additionally configure security groups to connect to the cluster.

Previous
Creating a cluster
Next
Stopping and starting a cluster