Contact UsTry it for free
© 2026 Direct Cursus Technology L.L.C.

Updating PostgreSQL cluster settings

Written by
Updated at December 25, 2025

After creating a cluster, you can:

Note

All configuration changes require the cluster to be running.

Learn more about other cluster updates:

Changing the host class

Note

Some PostgreSQL settings depend on the selected host class.

When changing the host class:

  • A single-host cluster will be unavailable for a few minutes and all database connections will be dropped.
  • A multi-host cluster will switch to a new master host and undergo a rolling update. Each of its hosts will be sequentially stopped and taken offline for a few minutes to be updated.
  • Using a special FQDN does not guarantee a stable database connection, and user sessions can be terminated.

We recommend changing the host class only when your cluster has no active workload.

  1. Go to Managed Service for PostgreSQL.
  2. Select your cluster and click Edit in the top panel.
  3. Under Host class, select the PostgreSQL host class.
  4. Click Save changes.

If you do not have the Yandex Cloud CLI installed yet, install and initialize it.

By default, the CLI uses the folder specified when creating the profile. To change the default folder, use the yc config set folder-id <folder_ID> command. You can also set a different folder for any specific command using the --folder-name or --folder-id parameter.

To change the host class for a cluster:

  1. View the description of the CLI command for updating a cluster:

    yc managed-postgresql cluster update --help

  2. Get the list of available host classes (the ZONE IDS column lists the availability zones you can select a class in):

    yc managed-postgresql resource-preset list

    +-----------+--------------------------------+-------+----------+
|    ID     |            ZONE IDS            | CORES |  MEMORY  |
+-----------+--------------------------------+-------+----------+
| s1.micro  | ru-central1-a, ru-central1-b,  |     2 | 8.0 GB   |
|           | ru-central1-d                  |       |          |
| ...                                                           |
+-----------+--------------------------------+-------+----------+

  3. Specify the required host class in the cluster update command:

    yc managed-postgresql cluster update <cluster_name_or_ID> \
    --resource-preset <host_class_ID>

    Managed Service for PostgreSQL will start updating the host class for your cluster.

  1. Open the current Terraform configuration file describing your infrastructure.

    Learn how to create this file in Creating a cluster.

    For a complete list of configurable Managed Service for PostgreSQL cluster fields, refer to the Terraform provider guides.

  2. In the Managed Service for PostgreSQL cluster description, update the resource_preset_id attribute value under config.resources:

    resource "yandex_mdb_postgresql_cluster" "<cluster_name>" {
  ...
  config {
    resources {
      resource_preset_id = "<host_class>"
      ...
    }
  }
}

  3. Validate your configuration.

    1. In the command line, navigate to the directory that contains the current Terraform configuration files defining the infrastructure.

    2. Run this command:

      terraform validate

      Terraform will show any errors found in your configuration files.

  4. Confirm resource changes.

    1. Run this command to view the planned changes:

      terraform plan

      If you described the configuration correctly, the terminal will display a list of the resources to update and their parameters. This is a verification step that does not apply changes to your resources.

    2. If everything looks correct, apply the changes:

      1. Run this command:

        terraform apply

      2. Confirm updating the resources.

      3. Wait for the operation to complete.

    Timeouts

    The Terraform provider sets the following timeouts for Managed Service for PostgreSQL cluster operations:

    • Creating a cluster, including restoration from a backup: 30 minutes.
    • Updating a cluster: 60 minutes.
    • Deleting a cluster: 15 minutes.

    Operations exceeding the timeout are aborted.

    How can I change these timeouts?

    Add a timeouts section to the cluster description, e.g.:

    resource "yandex_mdb_postgresql_cluster" "<cluster_name>" {
  ...
  timeouts {
    create = "1h30m" # 1 hour 30 minutes
    update = "2h"    # 2 hours
    delete = "30m"   # 30 minutes
  }
}

  1. Get an IAM token for API authentication and place it in an environment variable:

    export IAM_TOKEN="<IAM_token>"

  2. Call the Cluster.Update method, for instance, via the following cURL request:

    Warning

    The API method will assign default values to all the parameters of the object you are modifying unless you explicitly provide them in your request. To avoid this, list the settings you want to change in the updateMask parameter as a single comma-separated string.

    curl \
  --request PATCH \
  --header "Authorization: Bearer $IAM_TOKEN" \
  --header "Content-Type: application/json" \
  --url 'https://mdb.api.cloud.yandex.net/managed-postgresql/v1/clusters/<cluster_ID>' \
  --data '{
            "updateMask": "configSpec.resources.resourcePresetId",
            "configSpec": {
              "resources": {
                "resourcePresetId": "<host_class>"
              }
            }
          }'

    Where:

    • updateMask: Comma-separated string of settings you want to update.

      Here, we provide only one setting.

    • configSpec.resources.resourcePresetId: New host class.

    You can get the cluster ID from the folder’s cluster list.

  3. View the server response to make sure your request was successful.

  1. Get an IAM token for API authentication and place it in an environment variable:

    export IAM_TOKEN="<IAM_token>"

  2. Clone the cloudapi repository:

    cd ~/ && git clone --depth=1 https://github.com/yandex-cloud/cloudapi

    Below, we assume the repository contents are stored in the ~/cloudapi/ directory.

  3. Call the ClusterService.Update method, for instance, via the following gRPCurl request:

    Warning

    The API method will assign default values to all the parameters of the object you are modifying unless you explicitly provide them in your request. To avoid this, list the settings you want to change in the update_mask parameter as an array of paths[] strings.

    Format for listing settings
    "update_mask": {
    "paths": [
        "<setting_1>",
        "<setting_2>",
        ...
        "<setting_N>"
    ]
}

    grpcurl \
  -format json \
  -import-path ~/cloudapi/ \
  -import-path ~/cloudapi/third_party/googleapis/ \
  -proto ~/cloudapi/yandex/cloud/mdb/postgresql/v1/cluster_service.proto \
  -rpc-header "Authorization: Bearer $IAM_TOKEN" \
  -d '{
        "cluster_id": "<cluster_ID>",
        "update_mask": {
          "paths": [
            "config_spec.resources.resource_preset_id"
          ]
        },
        "config_spec": {
          "resources": {
            "resource_preset_id": "<host_class>"
          }
        }
      }' \
  mdb.api.cloud.yandex.net:443 \
  yandex.cloud.mdb.postgresql.v1.ClusterService.Update

    Where:

    • update_mask: List of settings you want to update as an array of strings (paths[]).

      Here, we provide only one setting.

    • config_spec.resources.resource_preset_id: New host class.

    You can get the cluster ID from the folder’s cluster list.

  4. Check the server response to make sure your request was successful.

Changing PostgreSQL settings

You can change the DBMS settings for the hosts in your cluster.

Warning

  1. Go to Managed Service for PostgreSQL.
  2. Select your cluster and click Edit in the top panel.
  3. Change the PostgreSQL settings by clicking Settings under DBMS settings.
  4. Click Save.
  5. Click Save changes.

If you do not have the Yandex Cloud CLI installed yet, install and initialize it.

By default, the CLI uses the folder specified when creating the profile. To change the default folder, use the yc config set folder-id <folder_ID> command. You can also set a different folder for any specific command using the --folder-name or --folder-id parameter.

To update the PostgreSQL settings:

  1. View the full list of cluster settings:

    yc managed-postgresql cluster get <cluster_name_or_ID> --full

  2. View the description of the CLI command for updating the cluster configuration:

    yc managed-postgresql cluster update-config --help

  3. Provide the arguments as needed:

    All supported arguments are listed in the postgresqlConfig_<PostgreSQL_version> field of the update method’s request format. To specify an argument name in the CLI call, convert its name from lowerCamelCase to snake_case. For example, the maxPreparedTransactions argument from the API request becomes max_prepared_transactions for the CLI command:

    yc managed-postgresql cluster update-config <cluster_name_or_ID> \
   --set <parameter_1_name>=<value_1>,<parameter_2_name>=<value_2>,...

    Managed Service for PostgreSQL will start updating the cluster settings.

  1. Open the current Terraform configuration file describing your infrastructure.

    Learn how to create this file in Creating a cluster.

    For a complete list of configurable Managed Service for PostgreSQL cluster fields, refer to the Terraform provider guides.

  2. Update the settings in the config.postgresql_config section of your Managed Service for PostgreSQL cluster description. If there is no such section, create one.

    resource "yandex_mdb_postgresql_cluster" "<cluster_name>" {
  ...
  config {
    ...
    postgresql_config = {
      max_connections                   = <maximum_number_of_connections>
      enable_parallel_hash              = <true_or_false>
      vacuum_cleanup_index_scale_factor = <number_between_0_and_1>
      ...
    }
  }
}

  3. Validate your configuration.

    1. In the command line, navigate to the directory that contains the current Terraform configuration files defining the infrastructure.

    2. Run this command:

      terraform validate

      Terraform will show any errors found in your configuration files.

  4. Confirm resource changes.

    1. Run this command to view the planned changes:

      terraform plan

      If you described the configuration correctly, the terminal will display a list of the resources to update and their parameters. This is a verification step that does not apply changes to your resources.

    2. If everything looks correct, apply the changes:

      1. Run this command:

        terraform apply

      2. Confirm updating the resources.

      3. Wait for the operation to complete.

    Timeouts

    The Terraform provider sets the following timeouts for Managed Service for PostgreSQL cluster operations:

    • Creating a cluster, including restoration from a backup: 30 minutes.
    • Updating a cluster: 60 minutes.
    • Deleting a cluster: 15 minutes.

    Operations exceeding the timeout are aborted.

    How can I change these timeouts?

    Add a timeouts section to the cluster description, e.g.:

    resource "yandex_mdb_postgresql_cluster" "<cluster_name>" {
  ...
  timeouts {
    create = "1h30m" # 1 hour 30 minutes
    update = "2h"    # 2 hours
    delete = "30m"   # 30 minutes
  }
}

  1. Get an IAM token for API authentication and place it in an environment variable:

    export IAM_TOKEN="<IAM_token>"

  2. Call the Cluster.Update method, for instance, via the following cURL request:

    Warning

    The API method will assign default values to all the parameters of the object you are modifying unless you explicitly provide them in your request. To avoid this, list the settings you want to change in the updateMask parameter as a single comma-separated string.

    curl \
  --request PATCH \
  --header "Authorization: Bearer $IAM_TOKEN" \
  --header "Content-Type: application/json" \
  --url 'https://mdb.api.cloud.yandex.net/managed-postgresql/v1/clusters/<cluster_ID>' \
  --data '{
            "updateMask": "configSpec.postgresqlConfig_<PostgreSQL_version>.<setting_1>,...,configSpec.postgresqlConfig_<PostgreSQL_version>.<setting_N>",
            "configSpec": {
              "postgresqlConfig_<PostgreSQL_version>": {
                "<setting_1>": "<value_1>",
                "<setting_2>": "<value_2>",
                ...
                "<setting_N>": "<value_N>"
              }
            }
          }'

    Where:

    • updateMask: Comma-separated string of settings you want to update.

      List all PostgreSQL settings you want to update.

    • configSpec.postgresqlConfig_<PostgreSQL_version>: PostgreSQL settings. Enter each setting on a new line, separated by commas.

      See the method description for the list of PostgreSQL versions supporting this option. See Cluster-level settings for the descriptions and possible values of the settings.

    You can get the cluster ID from the folder’s cluster list.

  3. View the server response to make sure your request was successful.

  1. Get an IAM token for API authentication and place it in an environment variable:

    export IAM_TOKEN="<IAM_token>"

  2. Clone the cloudapi repository:

    cd ~/ && git clone --depth=1 https://github.com/yandex-cloud/cloudapi

    Below, we assume the repository contents are stored in the ~/cloudapi/ directory.

  3. Call the ClusterService.Update method, for instance, via the following gRPCurl request:

    Warning

    The API method will assign default values to all the parameters of the object you are modifying unless you explicitly provide them in your request. To avoid this, list the settings you want to change in the update_mask parameter as an array of paths[] strings.

    Format for listing settings
    "update_mask": {
    "paths": [
        "<setting_1>",
        "<setting_2>",
        ...
        "<setting_N>"
    ]
}

    grpcurl \
  -format json \
  -import-path ~/cloudapi/ \
  -import-path ~/cloudapi/third_party/googleapis/ \
  -proto ~/cloudapi/yandex/cloud/mdb/postgresql/v1/cluster_service.proto \
  -rpc-header "Authorization: Bearer $IAM_TOKEN" \
  -d '{
        "cluster_id": "<cluster_ID>",
        "update_mask": {
          "paths": [
            "config_spec.postgresql_config_<PostgreSQL_version>.<setting_1>",
            "config_spec.postgresql_config_<PostgreSQL_version>.<setting_2>",
            ...,
            "config_spec.postgresql_config_<PostgreSQL_version>.<setting_N>"
          ]
        },
        "config_spec": {
          "postgresql_config_<PostgreSQL_version>": {
            "<setting_1>": "<value_1>",
            "<setting_2>": "<value_2>",
            ...
            "<setting_N>": "<value_N>"
          }
        }
      }' \
  mdb.api.cloud.yandex.net:443 \
  yandex.cloud.mdb.postgresql.v1.ClusterService.Update

    Where:

    • update_mask: List of settings you want to update as an array of strings (paths[]).

      List all PostgreSQL settings you want to update.

    • config_spec.postgresql_config_<PostgreSQL_version>: PostgreSQL settings. Specify each setting on a new line, separated by commas.

      See the method description for the list of PostgreSQL versions supporting this option. See Cluster-level settings for the descriptions and possible values of the settings.

    You can get the cluster ID from the folder’s cluster list.

  4. View the server response to make sure your request was successful.

Changing additional cluster settings

Warning

Changing additional settings will restart the cluster. The only exceptions are the maintenance window and deletion protection settings.

  1. Go to Managed Service for PostgreSQL.

  2. Select your cluster and click Edit in the top panel.

  3. Update additional cluster settings:

    • Backup start time (UTC): Time interval during which the cluster backup starts. Time is specified in 24-hour UTC format. The default time is 22:00 - 23:00 UTC.

    • Retention period for automatic backups, days: Retention period for automatic backups. Backups are automatically deleted once their retention period expires. The default retention period is 7 days. For more information, see Backups.

      Changing the retention period affects both new and existing automatic backups. For example, the initial retention period was 7 days. A specific automatic backup has 1 day of remaining lifetime. If you increase the retention period to 9 days, that backup’s remaining lifetime becomes 3 days.

      Automatic cluster backups are stored for a specified number of days, while manually created ones are stored indefinitely. After a cluster is deleted, all its backups are retained for 7 days.

    • Maintenance window: Maintenance window settings:

      • To enable maintenance at any time, select arbitrary (default).
      • To specify the preferred maintenance start time, select by schedule and specify the desired day of the week and UTC hour. For example, you can choose a time when the cluster is least loaded.

      Maintenance operations are carried out both on enabled and disabled clusters. They may include updating the DBMS, applying patches, and so on.

    • DataLens access: Enables you to analyze cluster data in Yandex DataLens.

    • WebSQL access: Enables you to run SQL queries against cluster databases from the Yandex Cloud management console using Yandex WebSQL.

    • Yandex Query access: Enables you to run YQL queries against cluster databases from Yandex Query.

    • Serverless access: Enables cluster access from Yandex Cloud Functions. For more details on configuring access, see this Cloud Functions article.

    • Statistics sampling: Enables you to use the Performance diagnostics tool in a cluster. When enabling this option, also configure Sessions sampling interval and Statements sampling interval using the sliders. Both settings are measured in seconds.

    • Pooling mode: Select one of the connection pooler modes.

    • Deletion protection: Deletion protection for the cluster, its databases, and users.

      By default, when users and databases are created, this setting’s value is inherited from the cluster. You can also specify this setting manually. See User management and Database management for details.

      If the setting is changed on a running cluster, the new value will only be inherited by users and databases with the Same as cluster protection level.

      Even with deletion protection enabled, one can still connect to the cluster manually and delete the data.

If you do not have the Yandex Cloud CLI installed yet, install and initialize it.

By default, the CLI uses the folder specified when creating the profile. To change the default folder, use the yc config set folder-id <folder_ID> command. You can also set a different folder for any specific command using the --folder-name or --folder-id parameter.

To change additional cluster settings:

  1. View the description of the CLI command for updating a cluster:

    yc managed-postgresql cluster update --help

  2. Run the following command with the list of settings you want to update:

    yc managed-postgresql cluster update <cluster_name_or_ID> \
    --backup-window-start <backup_start_time> \
    --backup-retain-period-days=<automatic_backup_retention_period_in_days> \
    --datalens-access=<allow_access_from_DataLens> \
    --maintenance-window type=<maintenance_type>,`
                        `day=<day_of_week>,`
                        `hour=<hour> \
    --websql-access=<allow_access_from_WebSQL> \
    --deletion-protection \
    --connection-pooling-mode=<connection_pooler_mode> \
    --serverless-access=<allow_access_from_Serverless_Containers> \
    --yandexquery-access=<allow_access_from_Yandex_Query> \
    --performance-diagnostics enabled=<enable_statistics_collection>,`
                             `sessions-sampling-interval=<session_sampling_interval>,`
                             `statements-sampling-interval=<statement_sampling_interval>

You can update the following settings:

  • --backup-window-start: The cluster backup start time, set in UTC format HH:MM:SS. If the time is not set, the backup will start at 22:00 UTC.

  • --backup-retain-period-days: Retention period for automatic backups (in days).

  • --datalens-access: Enables access from DataLens. The default value is false. To learn more about configuring a connection, see Connecting to a cluster from DataLens.

  • --maintenance-window: Maintenance window settings (including for stopped clusters), where type is the maintenance type:

    • anytime: At any time (default).
    • weekly: On a schedule. For this value, also specify the following:
      • day: Day of week, i.e., MON, TUE, WED, THU, FRI, SAT, or SUN.
      • hour: Hour of day (UTC), from 1 to 24.

  • --websql-access: Enables running SQL queries on cluster databases from the Yandex Cloud management console using Yandex WebSQL. The default value is false.

  • --serverless-access: Enables access to the cluster from Yandex Cloud Functions. The default value is false. For details on setting up access, see this Cloud Functions article.

  • --yandexquery-access: Enables access to the cluster from Yandex Query. This feature is in the Preview stage and can be enabled upon request.

  • --connection-pooling-mode: Specifies the connection pooler mode (SESSION, TRANSACTION, or STATEMENT).

  • --deletion-protection: Deletion protection for the cluster, its databases, and users.

    By default, when users and databases are created, this setting’s value is inherited from the cluster. You can also specify this setting manually. See User management and Database management for details.

    If the setting is changed on a running cluster, the new value will only be inherited by users and databases with the Same as cluster protection level.

    Even with deletion protection enabled, one can still connect to the cluster manually and delete the data.

  • --performance-diagnostics: Statistics collection settings:

    • enabled: The value of true enables statistics collection. The default value is false.
    • sessions-sampling-interval: Session sampling interval in seconds. Allowed values range from 1 to 86400.
    • statements-sampling-interval: Statement sampling interval in seconds. Allowed values range from 60 to 86400.

You can get the cluster name from the folder’s cluster list.

  1. Open the current Terraform configuration file describing your infrastructure.

    Learn how to create this file in Creating a cluster.

    For a complete list of configurable Managed Service for PostgreSQL cluster fields, refer to the Terraform provider guides.

  2. To change the backup start time, add the config.backup_window_start section to the Managed Service for PostgreSQL cluster description:

    resource "yandex_mdb_postgresql_cluster" "<cluster_name>" {
  ...
  config {
    backup_window_start {
      hours   = <backup_start_hour>
      minutes = <backup_start_minute>
    }
    ...
  }
}

  3. To allow access to the cluster from Yandex DataLens and to enable running SQL queries from the management console using Yandex WebSQL, update the relevant fields in the config.access section:

    resource "yandex_mdb_postgresql_cluster" "<cluster_name>" {
  ...
  config {
    access {
      data_lens = <allow_access_from_DataLens>
      web_sql   = <allow_access_from_WebSQL>
      ...
  }
  ...
}

    Where:

    • data_lens: Enables access to the cluster from DataLens, true or false.
    • web_sql: Enables running SQL queries from the management console using Yandex WebSQL, true or false.

  4. To change the connection pooler mode, add a config.pooler_config section to the Managed Service for PostgreSQL cluster description:

    resource "yandex_mdb_postgresql_cluster" "<cluster_name>" {
  ...
  config {
    pooler_config {
      pool_discard = <clear_client_states_after_each_transaction>
      pooling_mode = "<operation_mode>"
    }
    ...
  }
}

    Where:

    • pool_discard: Determines whether clients should discard their state after each transaction, true or false.
    • pooling_mode: Connection pooler mode, SESSION, TRANSACTION, or STATEMENT.

  5. To set up the maintenance window that will also apply to stopped clusters, add the maintenance_window section to the cluster description:

    resource "yandex_mdb_postgresql_cluster" "<cluster_name>" {
  ...
  maintenance_window {
    type = <maintenance_type>
    day  = <day_of_week>
    hour = <hour>
  }
  ...
}

    Where:

    • type: Maintenance type. The possible values include:
      • ANYTIME: Anytime
      • WEEKLY: On a schedule
    • day: Day of week for the WEEKLY type, i.e., MON, TUE, WED, THU, FRI, SAT, or SUN.
    • hour: UTC hour for the WEEKLY type, from 1 to 24.

  6. To set up statistics collection, add the performance_diagnostics block to the config section:

    resource "yandex_mdb_postgresql_cluster" "<cluster_name>" {
  ...
  config {
    ...
    performance_diagnostics {
      enabled                      = <activate_statistics_collection>
      sessions_sampling_interval   = <session_sampling_interval>
      statements_sampling_interval = <statement_sampling_interval>
    }
    ...
  }
  ...
}

    Where:

    • enabled: Enable statistics collection, true or false.
    • sessions_sampling_interval: Session sampling interval, from 1 to 86400 seconds.
    • statements_sampling_interval: Statement sampling interval, from 60 to 86400 seconds.

  7. To protect your cluster, its databases, and users against accidental deletion, add the deletion_protection field set to true to your cluster description:

    resource "yandex_mdb_postgresql_cluster" "<cluster_name>" {
  ...
  deletion_protection = <protect_cluster_from_deletion>
}

    Where deletion_protection is the deletion protection for the cluster, its databases, and users, true or false.

    By default, when users and databases are created, this setting’s value is inherited from the cluster. You can also specify this setting manually. See User management and Database management for details.

    If the setting is changed on a running cluster, the new value will only be inherited by users and databases with the Same as cluster protection level.

    Even with deletion protection enabled, one can still connect to the cluster manually and delete the data.

  8. Validate your configuration.

    1. In the command line, navigate to the directory that contains the current Terraform configuration files defining the infrastructure.

    2. Run this command:

      terraform validate

      Terraform will show any errors found in your configuration files.

  9. Confirm resource changes.

    1. Run this command to view the planned changes:

      terraform plan

      If you described the configuration correctly, the terminal will display a list of the resources to update and their parameters. This is a verification step that does not apply changes to your resources.

    2. If everything looks correct, apply the changes:

      1. Run this command:

        terraform apply

      2. Confirm updating the resources.

      3. Wait for the operation to complete.

    Timeouts

    The Terraform provider sets the following timeouts for Managed Service for PostgreSQL cluster operations:

    • Creating a cluster, including restoration from a backup: 30 minutes.
    • Updating a cluster: 60 minutes.
    • Deleting a cluster: 15 minutes.

    Operations exceeding the timeout are aborted.

    How can I change these timeouts?

    Add a timeouts section to the cluster description, e.g.:

    resource "yandex_mdb_postgresql_cluster" "<cluster_name>" {
  ...
  timeouts {
    create = "1h30m" # 1 hour 30 minutes
    update = "2h"    # 2 hours
    delete = "30m"   # 30 minutes
  }
}

  1. Get an IAM token for API authentication and place it in an environment variable:

    export IAM_TOKEN="<IAM_token>"

  2. Create a file named body.json and paste the following code into it:

    Warning

    The API method will assign default values to all the parameters of the object you are modifying unless you explicitly provide them in your request. To avoid this, list the settings you want to change in the updateMask parameter as a single comma-separated string.

    {
  "updateMask": "configSpec.poolerConfig,configSpec.backupWindowStart,configSpec.backupRetainPeriodDays,configSpec.access,configSpec.performanceDiagnostics.sessionsSamplingInterval,configSpec.performanceDiagnostics.statementsSamplingInterval,maintenanceWindow,deletionProtection",
  "configSpec": {
    "poolerConfig": {
      "poolingMode": "<connection_pooling_mode>",
      "poolDiscard": <clear_client_states_after_each_transaction>
    },
    "backupWindowStart": {
      "hours": "<hours>",
      "minutes": "<minutes>",
      "seconds": "<seconds>",
      "nanos": "<nanoseconds>"
    },
    "backupRetainPeriodDays": "<number_of_days>",
    "access": {
      "dataLens": <allow_access_from_DataLens>,
      "webSql": <allow_access_from_WebSQL>,
      "serverless": <allow_access_from_Cloud_Functions>,
      "dataTransfer": <allow_access_from_Data_Transfer>,
      "yandexQuery": <allow_access_from_Query>
    },
    "performanceDiagnostics": {
      "enabled": <enable_statistics_collection>,
      "sessionsSamplingInterval": "<session_sampling_interval>",
      "statementsSamplingInterval": "<statement_sampling_interval>"
    }
  },
  "maintenanceWindow": {
    "weeklyMaintenanceWindow": {
      "day": "<day_of_week>",
      "hour": "<hour>"
    }
  },
  "deletionProtection": <protect_cluster_from_deletion>
}

    Where:

    • updateMask: Comma-separated string of settings you want to update.

    • configSpec: Cluster settings:

      • poolerConfig: Connection pooler settings:

        • poolingMode: Connection pooler's mode. The possible values are SESSION, TRANSACTION, and STATEMENT. To learn more about each mode, see Managing PostgreSQL connections.
        • poolDiscard: Determines whether clients should discard their state after each transaction, true or false. Corresponds to the server_reset_query_always option for the PgBouncer connection pooler.

      • backupWindowStart: Backup window settings.

        Here, specify the backup start time. Allowed values:

        • hours: From 0 to 23 hours.
        • minutes: From 0 to 59 minutes.
        • seconds: From 0 to 59 seconds.
        • nanos: From 0 to 999999999 nanoseconds.

      • backupRetainPeriodDays: Cluster backup retention period in days. The allowed values range from 7 to 60 days.

      • access: Cluster access settings for the following Yandex Cloud services:

        Allowed values are true or false.

      • performanceDiagnostics: Statistics collection settings:

        • enabled: Enables statistics collection, true or false.
        • sessionsSamplingInterval: Session sampling interval. Allowed values range from 1 to 86400 seconds.
        • statementsSamplingInterval: Statement sampling interval. Allowed values range from 60 to 86400 seconds.

    • maintenanceWindow: Maintenance window settings, applying to both active and stopped clusters. In maintenanceWindow, provide one of the following values:

      • anytime: Maintenance can occur at any time.

      • weeklyMaintenanceWindow: Maintenance occurs once a week at the specified time:

        • day: Day of the week, in DDD format.
        • hour: Hour of the day, in HH format. Allowed values range from 1 to 24 hours.

    • deletionProtection: Deletion protection for the cluster, its databases, and users, true or false.

      By default, when users and databases are created, this setting’s value is inherited from the cluster. You can also specify this setting manually. See User management and Database management for details.

      If the setting is changed on a running cluster, the new value will only be inherited by users and databases with the Same as cluster protection level.

      Even with deletion protection enabled, one can still connect to the cluster manually and delete the data.

    You can get the cluster ID from the folder’s cluster list.

  3. Call the Cluster.Update method, for instance, via the following cURL request:

    curl \
  --request PATCH \
  --header "Authorization: Bearer $IAM_TOKEN" \
  --header "Content-Type: application/json" \
  --url 'https://mdb.api.cloud.yandex.net/managed-postgresql/v1/clusters/<cluster_ID>' \
  --data "@body.json"

  4. Check the server response to make sure your request was successful.

  1. Get an IAM token for API authentication and place it in an environment variable:

    export IAM_TOKEN="<IAM_token>"

  2. Clone the cloudapi repository:

    cd ~/ && git clone --depth=1 https://github.com/yandex-cloud/cloudapi

    Below, we assume the repository contents are stored in the ~/cloudapi/ directory.

  3. Create a file named body.json and paste the following code into it:

    Warning

    The API method will assign default values to all the parameters of the object you are modifying unless you explicitly provide them in your request. To avoid this, list the settings you want to change in the update_mask parameter as an array of paths[] strings.

    Format for listing settings
    "update_mask": {
    "paths": [
        "<setting_1>",
        "<setting_2>",
        ...
        "<setting_N>"
    ]
}

    {
  "cluster_id": "<cluster_ID>",
  "update_mask": {
    "paths": [
      "config_spec.pooler_config",
      "config_spec.backup_window_start",
      "config_spec.backup_retain_period_days",
      "config_spec.access",
      "config_spec.performance_diagnostics.sessions_sampling_interval",
      "config_spec.performance_diagnostics.statements_sampling_interval",
      "maintenance_window",
      "deletion_protection"
    ]
  },
  "config_spec": {
    "pooler_config": {
      "pooling_mode": "<connection_pooling_mode>",
      "pool_discard": <clear_client_states_after_each_transaction>
    },
    "backup_window_start": {
      "hours": "<hours>",
      "minutes": "<minutes>",
      "seconds": "<seconds>",
      "nanos": "<nanoseconds>"
    },
    "backup_retain_period_days": "<number_of_days>",
    "access": {
      "data_lens": <allow_access_from_DataLens>,
      "web_sql": <allow_access_from_WebSQL>,
      "serverless": <allow_access_from_Cloud_Functions>,
      "data_transfer": <allow_access_from_Data_Transfer>,
      "yandex_query": <allow_access_from_Query>
    },
    "performance_diagnostics": {
      "enabled": <enable_statistics_collection>,
      "sessions_sampling_interval": "<session_sampling_interval>",
      "statements_sampling_interval": "<statement_sampling_interval>"
    }
  },
  "maintenance_window": {
    "weekly_maintenance_window": {
      "day": "<day_of_week>",
      "hour": "<hour>"
    }
  },
  "deletion_protection": <protect_cluster_from_deletion>
}

    Where:

    • update_mask: List of settings you want to update as an array of strings (paths[]).

    • config_spec: Cluster settings:

      • pooler_config: Connection pooler settings:

        • pooling_mode: Connection pooler mode. Allowed values range SESSION, TRANSACTION, and STATEMENT. To learn more about each mode, see Managing PostgreSQL connections.
        • pool_discard: Determines whether clients should discard their state after each transaction, true or false. Corresponds to the server_reset_query_always option for the PgBouncer connection pooler.

      • backup_window_start: Backup window settings.

        Here, specify the backup start time. Allowed values:

        • hours: From 0 to 23 hours.
        • minutes: From 0 to 59 minutes.
        • seconds: From 0 to 59 seconds.
        • nanos: From 0 to 999999999 nanoseconds.

      • backup_retain_period_days: Cluster backup retention period in days. Allowed values range from 7 to 60 days.

      • access: Cluster access settings for the following Yandex Cloud services:

        Allowed values are true or false.

      • performance_diagnostics: Statistics collection settings:

        • enabled: Enables statistics collection, true or false.
        • sessions_sampling_interval: Session sampling interval. Allowed values range from 1 to 86400 seconds.
        • statements_sampling_interval: Statement sampling interval. Allowed values range from 60 to 86400 seconds.

    • maintenance_window: Maintenance window settings, applying to both active and stopped clusters. In maintenance_window, provide one of the following values:

      • anytime: Maintenance can occur at any time.

      • weekly_maintenance_window: Maintenance occurs once a week at the specified time:

        • day: Day of the week, in DDD format.
        • hour: Hour of the day, in HH format. Allowed values range from 1 to 24 hours.

    • deletion_protection: Deletion protection for the cluster, its databases, and users, true or false.

      By default, when users and databases are created, this setting’s value is inherited from the cluster. You can also specify this setting manually. See User management and Database management for details.

      If the setting is changed on a running cluster, the new value will only be inherited by users and databases with the Same as cluster protection level.

      Even with deletion protection enabled, one can still connect to the cluster manually and delete the data.

    You can get the cluster ID from the folder’s cluster list.

  4. Call the ClusterService.Update method, for instance, via the following gRPCurl request:

    grpcurl \
  -format json \
  -import-path ~/cloudapi/ \
  -import-path ~/cloudapi/third_party/googleapis/ \
  -proto ~/cloudapi/yandex/cloud/mdb/postgresql/v1/cluster_service.proto \
  -rpc-header "Authorization: Bearer $IAM_TOKEN" \
  -d @ \
  mdb.api.cloud.yandex.net:443 \
  yandex.cloud.mdb.postgresql.v1.ClusterService.Update \
  < body.json

  5. View the server response to make sure your request was successful.

Connection Manager

If the Connection Manager integration is not enabled for your cluster, turn on Use Connection Manager. This option is only available in the management console.

The system will create the following resources for each database user:

The system will create connections and secrets for each new database user. To see all connections, select the Connections tab on the cluster page.

Viewing connection details requires the connection-manager.viewer role. You can use Connection Manager to configure access to connections.

Note

There is no charge for using Connection Manager or the secrets created with it.

Manual master failover

In a fault-tolerant multi-host Managed Service for PostgreSQL cluster, you can perform a manual failover from the current master host to one of the replicas. Once this operation is complete, the former master host will act as a replica to the new master.

Master failover specifics in Managed Service for PostgreSQL

  • A replica with an explicitly defined replication source cannot be promoted to master.
  • Unless the replica name for promotion is explicitly specified, the master will fail over to one of the quorum replicas.

To learn more, see Replication.

To perform a master failover:

  1. Go to Managed Service for PostgreSQL.
  2. Click the name of your cluster and select the Hosts tab.
  3. Click Switch master.
    • To switch the master to one of the quorum replicas, leave the Choose master host automatically option enabled.
    • To switch the master to a specific replica, disable the Choose master host automatically option and select the required replica from the drop-down list.
  4. Click Switch.

If you do not have the Yandex Cloud CLI installed yet, install and initialize it.

By default, the CLI uses the folder specified when creating the profile. To change the default folder, use the yc config set folder-id <folder_ID> command. You can also set a different folder for any specific command using the --folder-name or --folder-id parameter.

Run this command:

yc managed-postgresql cluster start-failover <cluster_name_or_ID> \
    --host <replica_host_name>

You can get the replica name from the cluster’s host list and the cluster name from the folder’s cluster list.

  1. Open the current Terraform configuration file describing your infrastructure.

    Learn how to create this file in Creating a cluster.

    For a complete list of configurable Managed Service for PostgreSQL cluster fields, refer to the Terraform provider guides.

  2. In the host_master_name argument, specify the name of the replica you want to promote.

    resource "yandex_mdb_postgresql_cluster" "<cluster_name>" {
  ...
  host_master_name = "<replica_host_name>"
}

    Where host_master_name is the replica name, i.e., the name attribute of the relevant host section.

  3. Validate your configuration.

    1. In the command line, navigate to the directory that contains the current Terraform configuration files defining the infrastructure.

    2. Run this command:

      terraform validate

      Terraform will show any errors found in your configuration files.

  4. Confirm resource changes.

    1. Run this command to view the planned changes:

      terraform plan

      If you described the configuration correctly, the terminal will display a list of the resources to update and their parameters. This is a verification step that does not apply changes to your resources.

    2. If everything looks correct, apply the changes:

      1. Run this command:

        terraform apply

      2. Confirm updating the resources.

      3. Wait for the operation to complete.

    Timeouts

    The Terraform provider sets the following timeouts for Managed Service for PostgreSQL cluster operations:

    • Creating a cluster, including restoration from a backup: 30 minutes.
    • Updating a cluster: 60 minutes.
    • Deleting a cluster: 15 minutes.

    Operations exceeding the timeout are aborted.

    How can I change these timeouts?

    Add a timeouts section to the cluster description, e.g.:

    resource "yandex_mdb_postgresql_cluster" "<cluster_name>" {
  ...
  timeouts {
    create = "1h30m" # 1 hour 30 minutes
    update = "2h"    # 2 hours
    delete = "30m"   # 30 minutes
  }
}

  1. Get an IAM token for API authentication and place it in an environment variable:

    export IAM_TOKEN="<IAM_token>"

  2. Call the Cluster.StartFailover method, for instance, via the following cURL request:

    curl \
  --request POST \
  --header "Authorization: Bearer $IAM_TOKEN" \
  --header "Content-Type: application/json" \
  --url 'https://mdb.api.cloud.yandex.net/managed-postgresql/v1/clusters/<cluster_ID>:startFailover' \
  --data '{
            "hostName": "<host_FQDN>"
          }'

    Where hostName is the FQDN of the replica promoted to master.

    You can get the cluster ID from the folder’s cluster list.

  3. View the server response to make sure your request was successful.

  1. Get an IAM token for API authentication and place it in an environment variable:

    export IAM_TOKEN="<IAM_token>"

  2. Clone the cloudapi repository:

    cd ~/ && git clone --depth=1 https://github.com/yandex-cloud/cloudapi

    Below, we assume the repository contents are stored in the ~/cloudapi/ directory.

  3. Call the ClusterService.StartFailover method, for instance, via the following gRPCurl request:

    grpcurl \
  -format json \
  -import-path ~/cloudapi/ \
  -import-path ~/cloudapi/third_party/googleapis/ \
  -proto ~/cloudapi/yandex/cloud/mdb/postgresql/v1/cluster_service.proto \
  -rpc-header "Authorization: Bearer $IAM_TOKEN" \
  -d '{
        "cluster_id": "<cluster_ID>",
        "host_name": "<host_FQDN>"
      }' \
  mdb.api.cloud.yandex.net:443 \
  yandex.cloud.mdb.postgresql.v1.ClusterService.StartFailover

    Where host_name is the FQDN of the replica promoted to master.

    You can get the cluster ID from the folder’s cluster list.

  4. Check the server response to make sure your request was successful.

Moving a cluster

  1. Go to Managed Service for PostgreSQL.
  2. Click next to the cluster you want to move.
  3. Select Move.
  4. Select the destination folder for your cluster.
  5. Click Move.

If you do not have the Yandex Cloud CLI installed yet, install and initialize it.

By default, the CLI uses the folder specified when creating the profile. To change the default folder, use the yc config set folder-id <folder_ID> command. You can also set a different folder for any specific command using the --folder-name or --folder-id parameter.

To move a cluster:

  1. View the description of the CLI command for moving a cluster:

    yc managed-postgresql cluster move --help

  2. Run the cluster move command, providing the destination folder as its argument:

    yc managed-postgresql cluster move <cluster_ID> \
   --destination-folder-name=<destination_folder_name>

    You can get the cluster ID from the folder’s cluster list.

  1. Open the current Terraform configuration file describing your infrastructure.

    Learn how to create this file in Creating a cluster.

  2. In the Managed Service for PostgreSQL cluster description, update the folder_id value. If the argument does not exist, add it:

    resource "yandex_mdb_postgresql_cluster" "<cluster_name>" {
  ...
  folder_id = "<destination_folder_ID>"
}

  3. Validate your configuration.

    1. In the command line, navigate to the directory that contains the current Terraform configuration files defining the infrastructure.

    2. Run this command:

      terraform validate

      Terraform will show any errors found in your configuration files.

  4. Confirm resource changes.

    1. Run this command to view the planned changes:

      terraform plan

      If you described the configuration correctly, the terminal will display a list of the resources to update and their parameters. This is a verification step that does not apply changes to your resources.

    2. If everything looks correct, apply the changes:

      1. Run this command:

        terraform apply

      2. Confirm updating the resources.

      3. Wait for the operation to complete.

For more information, see this Terraform provider article.

Timeouts

The Terraform provider sets the following timeouts for Managed Service for PostgreSQL cluster operations:

  • Creating a cluster, including restoration from a backup: 30 minutes.
  • Updating a cluster: 60 minutes.
  • Deleting a cluster: 15 minutes.

Operations exceeding the timeout are aborted.

How can I change these timeouts?

Add a timeouts section to the cluster description, e.g.:

resource "yandex_mdb_postgresql_cluster" "<cluster_name>" {
  ...
  timeouts {
    create = "1h30m" # 1 hour 30 minutes
    update = "2h"    # 2 hours
    delete = "30m"   # 30 minutes
  }
}

  1. Get an IAM token for API authentication and place it in an environment variable:

    export IAM_TOKEN="<IAM_token>"

  2. Call the Cluster.Move method, for instance, via the following cURL request:

    curl \
  --request POST \
  --header "Authorization: Bearer $IAM_TOKEN" \
  --header "Content-Type: application/json" \
  --url 'https://mdb.api.cloud.yandex.net/managed-postgresql/v1/clusters/<cluster_ID>:move' \
  --data '{
            "destinationFolderId": "<folder_ID>"
          }'

    Where destinationFolderId is the ID of the target folder for your cluster. You can get this ID from the list of folders in the cloud.

    You can get the cluster ID from the folder’s cluster list.

  3. View the server response to make sure your request was successful.

  1. Get an IAM token for API authentication and place it in an environment variable:

    export IAM_TOKEN="<IAM_token>"

  2. Clone the cloudapi repository:

    cd ~/ && git clone --depth=1 https://github.com/yandex-cloud/cloudapi

    Below, we assume the repository contents are stored in the ~/cloudapi/ directory.

  3. Call the ClusterService.Move method, for instance, via the following gRPCurl request:

    grpcurl \
  -format json \
  -import-path ~/cloudapi/ \
  -import-path ~/cloudapi/third_party/googleapis/ \
  -proto ~/cloudapi/yandex/cloud/mdb/postgresql/v1/cluster_service.proto \
  -rpc-header "Authorization: Bearer $IAM_TOKEN" \
  -d '{
        "cluster_id": "<cluster_ID>",
        "destination_folder_id": "<folder_ID>"
      }' \
  mdb.api.cloud.yandex.net:443 \
  yandex.cloud.mdb.postgresql.v1.ClusterService.Move

    Where destination_folder_id is the ID of the target folder for your cluster. You can get this ID from the list of folders in the cloud.

    You can get the cluster ID from the folder’s cluster list.

  4. Check the server response to make sure your request was successful.

After the move, the cluster will still use the cloud network from the original folder. To host the cluster in another cloud network, use the restore from a backup feature, specifying the target network for the restored cluster.

To move a cluster to a different availability zone, follow this guide. Following this procedure, you will move the cluster hosts.

Updating security groups

  1. Go to Managed Service for PostgreSQL.
  2. Select your cluster and click Edit in the top panel.
  3. Under Network settings, select the security groups for the cluster’s network traffic.

If you do not have the Yandex Cloud CLI installed yet, install and initialize it.

By default, the CLI uses the folder specified when creating the profile. To change the default folder, use the yc config set folder-id <folder_ID> command. You can also set a different folder for any specific command using the --folder-name or --folder-id parameter.

To update security groups for your cluster:

  1. View the description of the CLI command for updating a cluster:

    yc managed-postgresql cluster update --help

  2. Run the cluster update command, providing the required security groups as its argument:

    yc managed-postgresql cluster update <cluster_name_or_ID> \
    --security-group-ids <list_of_security_group_IDs>

  1. Open the current Terraform configuration file describing your infrastructure.

    Learn how to create this file in Creating a cluster.

    For a complete list of configurable Managed Service for PostgreSQL cluster fields, refer to the Terraform provider guides.

  2. Update the security_group_ids value in your cluster description:

    resource "yandex_mdb_postgresql_cluster" "<cluster_name>" {
  ...
  security_group_ids = [ <list_of_security_group_IDs> ]
}

  3. Validate your configuration.

    1. In the command line, navigate to the directory that contains the current Terraform configuration files defining the infrastructure.

    2. Run this command:

      terraform validate

      Terraform will show any errors found in your configuration files.

  4. Confirm resource changes.

    1. Run this command to view the planned changes:

      terraform plan

      If you described the configuration correctly, the terminal will display a list of the resources to update and their parameters. This is a verification step that does not apply changes to your resources.

    2. If everything looks correct, apply the changes:

      1. Run this command:

        terraform apply

      2. Confirm updating the resources.

      3. Wait for the operation to complete.

    Timeouts

    The Terraform provider sets the following timeouts for Managed Service for PostgreSQL cluster operations:

    • Creating a cluster, including restoration from a backup: 30 minutes.
    • Updating a cluster: 60 minutes.
    • Deleting a cluster: 15 minutes.

    Operations exceeding the timeout are aborted.

    How can I change these timeouts?

    Add a timeouts section to the cluster description, e.g.:

    resource "yandex_mdb_postgresql_cluster" "<cluster_name>" {
  ...
  timeouts {
    create = "1h30m" # 1 hour 30 minutes
    update = "2h"    # 2 hours
    delete = "30m"   # 30 minutes
  }
}

  1. Get an IAM token for API authentication and place it in an environment variable:

    export IAM_TOKEN="<IAM_token>"

  2. Call the Cluster.Update method, for instance, via the following cURL request:

    Warning

    The API method will assign default values to all the parameters of the object you are modifying unless you explicitly provide them in your request. To avoid this, list the settings you want to change in the updateMask parameter as a single comma-separated string.

    curl \
  --request PATCH \
  --header "Authorization: Bearer $IAM_TOKEN" \
  --header "Content-Type: application/json" \
  --url 'https://mdb.api.cloud.yandex.net/managed-postgresql/v1/clusters/<cluster_ID>' \
  --data '{
            "updateMask": "securityGroupIds",
            "securityGroupIds": [
              "<security_group_1_ID>",
              "<security_group_2_ID>",
              ...
              "<security_group_N_ID>"
            ]
          }'

    Where:

    • updateMask: Comma-separated string of settings you want to update.

      Here, we provide only one setting.

    • securityGroupIds: New security groups, formatted as an array.

    You can get the cluster ID from the folder’s cluster list.

  3. View the server response to make sure your request was successful.

  1. Get an IAM token for API authentication and place it in an environment variable:

    export IAM_TOKEN="<IAM_token>"

  2. Clone the cloudapi repository:

    cd ~/ && git clone --depth=1 https://github.com/yandex-cloud/cloudapi

    Below, we assume the repository contents are stored in the ~/cloudapi/ directory.

  3. Call the ClusterService.Update method, for instance, via the following gRPCurl request:

    Warning

    The API method will assign default values to all the parameters of the object you are modifying unless you explicitly provide them in your request. To avoid this, list the settings you want to change in the update_mask parameter as an array of paths[] strings.

    Format for listing settings
    "update_mask": {
    "paths": [
        "<setting_1>",
        "<setting_2>",
        ...
        "<setting_N>"
    ]
}

    grpcurl \
  -format json \
  -import-path ~/cloudapi/ \
  -import-path ~/cloudapi/third_party/googleapis/ \
  -proto ~/cloudapi/yandex/cloud/mdb/postgresql/v1/cluster_service.proto \
  -rpc-header "Authorization: Bearer $IAM_TOKEN" \
  -d '{
        "cluster_id": "<cluster_ID>",
        "update_mask": {
          "paths": [
            "security_group_ids"
          ]
        },
        "security_group_ids": [
          "<security_group_1_ID>",
          "<security_group_2_ID>",
          ...
          "<security_group_N_ID>"
        ]
      }' \
  mdb.api.cloud.yandex.net:443 \
  yandex.cloud.mdb.postgresql.v1.ClusterService.Update

    Where:

    • update_mask: List of settings you want to update as an array of strings (paths[]).

      Here, we provide only one setting.

    • security_group_ids: New security groups, formatted as an array.

    You can get the cluster ID from the folder’s cluster list.

  4. View the server response to make sure your request was successful.

Warning

You may need to configure security groups to connect to the cluster.

Previous
Creating a cluster
Next
Stopping and starting a cluster