Contact UsTry it for free
© 2026 Direct Cursus Technology L.L.C.

Updating PostgreSQL cluster settings

Written by
Updated at January 27, 2026

After creating a cluster, you can:

Note

All configuration changes require the cluster to be running.

Learn more about other cluster updates:

Changing the host class

Note

Some PostgreSQL settings depend on the selected host class.

When changing the host class:

  • A single-host cluster will be unavailable for a few minutes and all database connections will be dropped.
  • A multi-host cluster will switch to a new master host Each host will undergo a rolling update and will be unavailable for a few minutes while it updates.
  • Using a special FQDN does not guarantee a stable database connection: user sessions may be terminated.

We recommend changing the host class only when your cluster has no active workload.

  1. Go to Managed Service for PostgreSQL.
  2. Select your cluster and click Edit in the top panel.
  3. Under Host class, select the PostgreSQL host class.
  4. Click Save changes.

If you do not have the Yandex Cloud CLI installed yet, install and initialize it.

By default, the CLI uses the folder specified when creating the profile. To change the default folder, use the yc config set folder-id <folder_ID> command. You can also set a different folder for any specific command using the --folder-name or --folder-id parameter.

To change the host class for a cluster:

  1. View the description of the CLI command for updating a cluster:

    yc managed-postgresql cluster update --help

  2. Request a list of available host classes. The ZONE IDS column lists the availability zones where the relevant class can be selected:

    yc managed-postgresql resource-preset list

    +-----------+--------------------------------+-------+----------+
|    ID     |            ZONE IDS            | CORES |  MEMORY  |
+-----------+--------------------------------+-------+----------+
| s1.micro  | ru-central1-a, ru-central1-b,  |     2 | 8.0 GB   |
|           | ru-central1-d                  |       |          |
| ...                                                           |
+-----------+--------------------------------+-------+----------+

  3. Specify the relevant class in the cluster update command:

    yc managed-postgresql cluster update <cluster_name_or_ID> \
    --resource-preset <host_class_ID>

    Managed Service for PostgreSQL will start updating the host class for your cluster.

  1. Open the current Terraform configuration file describing your infrastructure.

    To learn how to create this file, see Creating a cluster.

    For a complete list of Managed Service for PostgreSQL cluster configuration fields you can update, see this Terraform provider guide.

  2. In the Managed Service for PostgreSQL cluster description, update the resource_preset_id attribute value under config.resources:

    resource "yandex_mdb_postgresql_cluster" "<cluster_name>" {
  ...
  config {
    resources {
      resource_preset_id = "<host_class>"
      ...
    }
  }
}

  3. Make sure the settings are correct.

    1. In the command line, navigate to the directory that contains the current Terraform configuration files defining the infrastructure.

    2. Run this command:

      terraform validate

      Terraform will show any errors found in your configuration files.

  4. Confirm updating the resources.

    1. Run this command to view the planned changes:

      terraform plan

      If you described the configuration correctly, the terminal will display a list of the resources to update and their parameters. This is a verification step that does not apply changes to your resources.

    2. If everything looks correct, apply the changes:

      1. Run this command:

        terraform apply

      2. Confirm updating the resources.

      3. Wait for the operation to complete.

    Timeouts

    The Terraform provider sets the following timeouts for Managed Service for PostgreSQL cluster operations:

    • Creating a cluster, including restoration from a backup: 30 minutes.
    • Updating a cluster: 60 minutes.
    • Deleting a cluster: 15 minutes.

    Operations exceeding the timeout are aborted.

    How can I change these timeouts?

    Add a timeouts section to the cluster description, e.g.:

    resource "yandex_mdb_postgresql_cluster" "<cluster_name>" {
  ...
  timeouts {
    create = "1h30m" # 1 hour 30 minutes
    update = "2h"    # 2 hours
    delete = "30m"   # 30 minutes
  }
}

  1. Get an IAM token for API authentication and put it in an environment variable:

    export IAM_TOKEN="<IAM_token>"

  2. Use the Cluster.Update method and send the following request, e.g., via cURL:

    Warning

    The API method will assign default values to all the parameters of the object you are modifying unless you explicitly provide them in your request. To avoid this, list the settings you want to change in the updateMask parameter as a single comma-separated string.

    curl \
  --request PATCH \
  --header "Authorization: Bearer $IAM_TOKEN" \
  --header "Content-Type: application/json" \
  --url 'https://mdb.api.cloud.yandex.net/managed-postgresql/v1/clusters/<cluster_ID>' \
  --data '{
            "updateMask": "configSpec.resources.resourcePresetId",
            "configSpec": {
              "resources": {
                "resourcePresetId": "<host_class>"
              }
            }
          }'

    Where:

    • updateMask: Comma-separated string of settings you want to update.

      Here, we provide only one setting.

    • configSpec.resources.resourcePresetId: New host class.

    You can get the cluster ID with the list of clusters in the folder.

  3. Check the server response to make sure your request was successful.

  1. Get an IAM token for API authentication and put it in an environment variable:

    export IAM_TOKEN="<IAM_token>"

  2. Clone the cloudapi repository:

    cd ~/ && git clone --depth=1 https://github.com/yandex-cloud/cloudapi

    Below, we assume that the repository contents reside in the ~/cloudapi/ directory.

  3. Use the ClusterService.Update call and send the following request, e.g., via gRPCurl:

    Warning

    The API method will assign default values to all the parameters of the object you are modifying unless you explicitly provide them in your request. To avoid this, list the settings you want to change in the update_mask parameter as an array of paths[] strings.

    Format for listing settings
    "update_mask": {
    "paths": [
        "<setting_1>",
        "<setting_2>",
        ...
        "<setting_N>"
    ]
}

    grpcurl \
  -format json \
  -import-path ~/cloudapi/ \
  -import-path ~/cloudapi/third_party/googleapis/ \
  -proto ~/cloudapi/yandex/cloud/mdb/postgresql/v1/cluster_service.proto \
  -rpc-header "Authorization: Bearer $IAM_TOKEN" \
  -d '{
        "cluster_id": "<cluster_ID>",
        "update_mask": {
          "paths": [
            "config_spec.resources.resource_preset_id"
          ]
        },
        "config_spec": {
          "resources": {
            "resource_preset_id": "<host_class>"
          }
        }
      }' \
  mdb.api.cloud.yandex.net:443 \
  yandex.cloud.mdb.postgresql.v1.ClusterService.Update

    Where:

    • update_mask: List of parameters to update as an array of strings (paths[]).

      Here, we provide only one setting.

    • config_spec.resources.resource_preset_id: New host class.

    You can get the cluster ID with the list of clusters in the folder.

  4. Check the server response to make sure your request was successful.

Updating PostgreSQL settings

You can change the DBMS settings for the hosts in your cluster.

Warning

  1. Go to Managed Service for PostgreSQL.
  2. Select your cluster and click Edit in the top panel.
  3. Change the PostgreSQL settings by clicking Settings under DBMS settings.
  4. Click Save.
  5. Click Save changes.

If you do not have the Yandex Cloud CLI installed yet, install and initialize it.

By default, the CLI uses the folder specified when creating the profile. To change the default folder, use the yc config set folder-id <folder_ID> command. You can also set a different folder for any specific command using the --folder-name or --folder-id parameter.

To update the PostgreSQL settings:

  1. View the full list of cluster settings:

    yc managed-postgresql cluster get <cluster_name_or_ID> --full

  2. View the description of the CLI command for updating the cluster configuration:

    yc managed-postgresql cluster update-config --help

  3. Set the parameter values as needed:

    All supported arguments are listed in the postgresqlConfig_<PostgreSQL_version> field of the update method’s request format. To specify an argument name in the CLI call, convert its name from lowerCamelCase to snake_case. For example, the maxPreparedTransactions argument from the API request becomes max_prepared_transactions for the CLI command:

    yc managed-postgresql cluster update-config <cluster_name_or_ID> \
   --set <parameter_1_name>=<value_1>,<parameter_2_name>=<value_2>,...

    Managed Service for PostgreSQL will start updating the cluster settings.

  1. Open the current Terraform configuration file describing your infrastructure.

    To learn how to create this file, see Creating a cluster.

    For a complete list of Managed Service for PostgreSQL cluster configuration fields you can update, see this Terraform provider guide.

  2. Update the settings in the config.postgresql_config section of your Managed Service for PostgreSQL cluster description. If there is no such section, create one.

    resource "yandex_mdb_postgresql_cluster" "<cluster_name>" {
  ...
  config {
    ...
    postgresql_config = {
      max_connections                   = <maximum_number_of_connections>
      enable_parallel_hash              = <true_or_false>
      vacuum_cleanup_index_scale_factor = <number_between_0_and_1>
      ...
    }
  }
}

  3. Make sure the settings are correct.

    1. In the command line, navigate to the directory that contains the current Terraform configuration files defining the infrastructure.

    2. Run this command:

      terraform validate

      Terraform will show any errors found in your configuration files.

  4. Confirm updating the resources.

    1. Run this command to view the planned changes:

      terraform plan

      If you described the configuration correctly, the terminal will display a list of the resources to update and their parameters. This is a verification step that does not apply changes to your resources.

    2. If everything looks correct, apply the changes:

      1. Run this command:

        terraform apply

      2. Confirm updating the resources.

      3. Wait for the operation to complete.

    Timeouts

    The Terraform provider sets the following timeouts for Managed Service for PostgreSQL cluster operations:

    • Creating a cluster, including restoration from a backup: 30 minutes.
    • Updating a cluster: 60 minutes.
    • Deleting a cluster: 15 minutes.

    Operations exceeding the timeout are aborted.

    How can I change these timeouts?

    Add a timeouts section to the cluster description, e.g.:

    resource "yandex_mdb_postgresql_cluster" "<cluster_name>" {
  ...
  timeouts {
    create = "1h30m" # 1 hour 30 minutes
    update = "2h"    # 2 hours
    delete = "30m"   # 30 minutes
  }
}

  1. Get an IAM token for API authentication and put it in an environment variable:

    export IAM_TOKEN="<IAM_token>"

  2. Use the Cluster.Update method and send the following request, e.g., via cURL:

    Warning

    The API method will assign default values to all the parameters of the object you are modifying unless you explicitly provide them in your request. To avoid this, list the settings you want to change in the updateMask parameter as a single comma-separated string.

    curl \
  --request PATCH \
  --header "Authorization: Bearer $IAM_TOKEN" \
  --header "Content-Type: application/json" \
  --url 'https://mdb.api.cloud.yandex.net/managed-postgresql/v1/clusters/<cluster_ID>' \
  --data '{
            "updateMask": "configSpec.postgresqlConfig_<PostgreSQL_version>.<setting_1>,...,configSpec.postgresqlConfig_<PostgreSQL_version>.<setting_N>",
            "configSpec": {
              "postgresqlConfig_<PostgreSQL_version>": {
                "<setting_1>": "<value_1>",
                "<setting_2>": "<value_2>",
                ...
                "<setting_N>": "<value_N>"
              }
            }
          }'

    Where:

    • updateMask: Comma-separated string of settings you want to update.

      List all PostgreSQL settings you want to update.

    • configSpec.postgresqlConfig_<PostgreSQL_version>: PostgreSQL settings. Enter each setting on a new line, separated by commas.

      See the method description for the list of PostgreSQL versions supporting this option. See Cluster-level settings for the descriptions and possible values of the settings.

    You can get the cluster ID with the list of clusters in the folder.

  3. Check the server response to make sure your request was successful.

  1. Get an IAM token for API authentication and put it in an environment variable:

    export IAM_TOKEN="<IAM_token>"

  2. Clone the cloudapi repository:

    cd ~/ && git clone --depth=1 https://github.com/yandex-cloud/cloudapi

    Below, we assume that the repository contents reside in the ~/cloudapi/ directory.

  3. Use the ClusterService.Update call and send the following request, e.g., via gRPCurl:

    Warning

    The API method will assign default values to all the parameters of the object you are modifying unless you explicitly provide them in your request. To avoid this, list the settings you want to change in the update_mask parameter as an array of paths[] strings.

    Format for listing settings
    "update_mask": {
    "paths": [
        "<setting_1>",
        "<setting_2>",
        ...
        "<setting_N>"
    ]
}

    grpcurl \
  -format json \
  -import-path ~/cloudapi/ \
  -import-path ~/cloudapi/third_party/googleapis/ \
  -proto ~/cloudapi/yandex/cloud/mdb/postgresql/v1/cluster_service.proto \
  -rpc-header "Authorization: Bearer $IAM_TOKEN" \
  -d '{
        "cluster_id": "<cluster_ID>",
        "update_mask": {
          "paths": [
            "config_spec.postgresql_config_<PostgreSQL_version>.<setting_1>",
            "config_spec.postgresql_config_<PostgreSQL_version>.<setting_2>",
            ...,
            "config_spec.postgresql_config_<PostgreSQL_version>.<setting_N>"
          ]
        },
        "config_spec": {
          "postgresql_config_<PostgreSQL_version>": {
            "<setting_1>": "<value_1>",
            "<setting_2>": "<value_2>",
            ...
            "<setting_N>": "<value_N>"
          }
        }
      }' \
  mdb.api.cloud.yandex.net:443 \
  yandex.cloud.mdb.postgresql.v1.ClusterService.Update

    Where:

    • update_mask: List of parameters to update as an array of strings (paths[]).

      List all PostgreSQL settings you want to update.

    • config_spec.postgresql_config_<PostgreSQL_version>: PostgreSQL settings. Specify each setting on a new line, separated by commas.

      See the method description for the list of PostgreSQL versions supporting this option. See Cluster-level settings for the descriptions and possible values of the settings.

    You can get the cluster ID with the list of clusters in the folder.

  4. Check the server response to make sure your request was successful.

Changing additional cluster settings

Warning

Changing additional settings will restart the cluster. The only exceptions are the maintenance window and deletion protection settings.

  1. Go to Managed Service for PostgreSQL.

  2. Select your cluster and click Edit in the top panel.

  3. Under Performance diagnostics, enable standard or advanced diagnostics. The advanced mode also includes collecting and analyzing query plans.

    To use the Performance diagnostics tool, select Statistics sampling and set up Sessions sampling interval and Statements sampling interval. Both settings are measured in seconds.

  4. Update additional cluster settings:

    • Backup start time (UTC): Time interval during which the cluster backup starts. Time is specified in 24-hour UTC format. The default time is 22:00 - 23:00 UTC.

    • Retention period for automatic backups, days: Retention period for automatic backups. Backups are automatically deleted once their retention period expires. The default is 7 days. For more information, see Backups.

      Changing the retention period affects both new and existing automatic backups. For example, the initial retention period was 7 days. A specific automatic backup has 1 day of remaining lifetime. If you increase the retention period to 9 days, that backup’s remaining lifetime becomes 3 days.

      Automatic cluster backups are stored for a specified number of days, while manually created ones are stored indefinitely. After a cluster is deleted, all its backups are retained for 7 days.

    • Maintenance window: Maintenance window settings:

      • To enable maintenance at any time, select arbitrary (default).
      • To specify the preferred maintenance start time, select by schedule and specify the desired day of the week and UTC hour. For example, you can choose a time when the cluster is least loaded.

      Maintenance operations are carried out both on enabled and disabled clusters. They may include updating the DBMS, applying patches, and so on.

    • DataLens access: This option enables you to analyze cluster data in Yandex DataLens.

    • WebSQL access: This option enables you to run SQL queries against cluster databases from the Yandex Cloud management console using Yandex WebSQL.

    • Yandex Query access: Enables you to run YQL queries against cluster databases from Yandex Query.

    • Serverless access: Enable this option to allow cluster access from Yandex Cloud Functions. For more information about setting up access, see Cloud Functions this guide.

    • Pooling mode: Select one of the connection pooler modes.

    • Deletion protection: Deletion protection for the cluster, its databases, and users.

      By default, when users and databases are created, this setting’s value is inherited from the cluster. You can also specify this setting manually. See User management and Database management for details.

      If the setting is changed on a running cluster, the new value will only be inherited by users and databases with the Same as cluster protection level.

      Even with deletion protection enabled, one can still connect to the cluster manually and delete the data.

If you do not have the Yandex Cloud CLI installed yet, install and initialize it.

By default, the CLI uses the folder specified when creating the profile. To change the default folder, use the yc config set folder-id <folder_ID> command. You can also set a different folder for any specific command using the --folder-name or --folder-id parameter.

To change additional cluster settings:

  1. View the description of the CLI command for updating a cluster:

    yc managed-postgresql cluster update --help

  2. Run the following command with the list of settings you want to update:

    yc managed-postgresql cluster update <cluster_name_or_ID> \
    --backup-window-start <backup_start_time> \
    --backup-retain-period-days=<automatic_backup_retention_period_in_days> \
    --datalens-access=<allow_access_from_DataLens> \
    --maintenance-window type=<maintenance_type>,`
                        `day=<day_of_week>,`
                        `hour=<hour> \
    --websql-access=<allow_access_from_WebSQL> \
    --deletion-protection \
    --connection-pooling-mode=<connection_pooler_mode> \
    --serverless-access=<allow_access_from_Serverless_Containers> \
    --yandexquery-access=<allow_access_from_Yandex_Query> \
    --performance-diagnostics enabled=<enable_statistics_collection>,`
                             `sessions-sampling-interval=<session_sampling_interval>,`
                             `statements-sampling-interval=<statement_sampling_interval>

You can update the following settings:

  • --backup-window-start: The cluster backup start time, set in UTC format HH:MM:SS. If the time is not set, the backup will start at 22:00 UTC.

  • --backup-retain-period-days: Automatic backup retention period, in days.

  • --datalens-access: Enables access from DataLens. The default value is false. To learn more about configuring a connection, see Connecting to a cluster from DataLens.

  • --maintenance-window: Maintenance window settings (including for stopped clusters), where type is the maintenance type:

    • anytime: At any time (default).
    • weekly: On a schedule. For this value, also specify the following:
      • day: Day of week, i.e., MON, TUE, WED, THU, FRI, SAT, or SUN.
      • hour: Hour of day (UTC), from 1 to 24.

  • --websql-access: Enables running SQL queries on cluster databases from the Yandex Cloud management console using Yandex WebSQL. The default value is false.

  • --serverless-access: Enables access to the cluster from Yandex Cloud Functions. The default value is false. For more information about setting up access, see this Cloud Functions guide.

  • --yandexquery-access: Enables access to the cluster from Yandex Query. This feature is in the Preview stage and can be enabled upon request.

  • --connection-pooling-mode: Specifies the connection pooler mode (SESSION, TRANSACTION, or STATEMENT).

  • --deletion-protection: Deletion protection for the cluster, its databases, and users.

    By default, when users and databases are created, this setting’s value is inherited from the cluster. You can also specify this setting manually. See User management and Database management for details.

    If the setting is changed on a running cluster, the new value will only be inherited by users and databases with the Same as cluster protection level.

    Even with deletion protection enabled, one can still connect to the cluster manually and delete the data.

  • --performance-diagnostics: Statistics collection settings:

    • enabled: The value of true enables statistics collection. The default value is false.
    • sessions-sampling-interval: Session sampling interval in seconds. Allowed values range from 1 to 86400.
    • statements-sampling-interval: Statement sampling interval in seconds. Allowed values range from 60 to 86400.

You can get the cluster name with the list of clusters in the folder.

  1. Open the current Terraform configuration file describing your infrastructure.

    To learn how to create this file, see Creating a cluster.

    For a complete list of Managed Service for PostgreSQL cluster configuration fields you can update, see this Terraform provider guide.

  2. To change the backup start time, add the config.backup_window_start section to the Managed Service for PostgreSQL cluster description:

    resource "yandex_mdb_postgresql_cluster" "<cluster_name>" {
  ...
  config {
    backup_window_start {
      hours   = <backup_start_hour>
      minutes = <backup_start_minute>
    }
    ...
  }
}

  3. To allow access to the cluster from Yandex DataLens and to enable running SQL queries from the management console using Yandex WebSQL, update the relevant fields in the config.access section:

    resource "yandex_mdb_postgresql_cluster" "<cluster_name>" {
  ...
  config {
    access {
      data_lens = <allow_access_from_DataLens>
      web_sql   = <allow_access_from_WebSQL>
      ...
  }
  ...
}

    Where:

    • data_lens: Access from DataLens, true or false.
    • web_sql: Execution of SQL queries from the management console using Yandex WebSQL (true or false).

  4. To change the connection pooler mode, add a config.pooler_config section to the Managed Service for PostgreSQL cluster description:

    resource "yandex_mdb_postgresql_cluster" "<cluster_name>" {
  ...
  config {
    pooler_config {
      pool_discard = <clear_client_states_after_each_transaction>
      pooling_mode = "<operation_mode>"
    }
    ...
  }
}

    Where:

    • pool_discard: Defines whether clients should discard their state after each transaction, true or false.
    • pooling_mode: Operation mode, SESSION, TRANSACTION, or STATEMENT.

  5. To set up the maintenance window that will also apply to stopped clusters, add the maintenance_window section to the cluster description:

    resource "yandex_mdb_postgresql_cluster" "<cluster_name>" {
  ...
  maintenance_window {
    type = <maintenance_type>
    day  = <day_of_week>
    hour = <hour>
  }
  ...
}

    Where:

    • type: Maintenance type. The possible values include:
      • ANYTIME: Anytime
      • WEEKLY: On a schedule
    • day: Day of week for the WEEKLY type, i.e., MON, TUE, WED, THU, FRI, SAT, or SUN.
    • hour: UTC hour for the WEEKLY type, from 1 to 24.

  6. To set up statistics collection, add the performance_diagnostics block to the config section:

    resource "yandex_mdb_postgresql_cluster" "<cluster_name>" {
  ...
  config {
    ...
    performance_diagnostics {
      enabled                      = <activate_statistics_collection>
      sessions_sampling_interval   = <session_sampling_interval>
      statements_sampling_interval = <statement_sampling_interval>
    }
    ...
  }
  ...
}

    Where:

    • enabled: Enable statistics collection, true or false.
    • sessions_sampling_interval: Session sampling interval, from 1 to 86400 seconds.
    • statements_sampling_interval: Statement sampling interval, from 60 to 86400 seconds.

  7. To protect your cluster, its databases, and users against accidental deletion, add the deletion_protection field set to true to your cluster description:

    resource "yandex_mdb_postgresql_cluster" "<cluster_name>" {
  ...
  deletion_protection = <protect_cluster_from_deletion>
}

    deletion_protection: Protection of the cluster, its databases, and users against deletion (true or false).

    By default, when users and databases are created, this setting’s value is inherited from the cluster. You can also specify this setting manually. See User management and Database management for details.

    If the setting is changed on a running cluster, the new value will only be inherited by users and databases with the Same as cluster protection level.

    Even with deletion protection enabled, one can still connect to the cluster manually and delete the data.

  8. Make sure the settings are correct.

    1. In the command line, navigate to the directory that contains the current Terraform configuration files defining the infrastructure.

    2. Run this command:

      terraform validate

      Terraform will show any errors found in your configuration files.

  9. Confirm updating the resources.

    1. Run this command to view the planned changes:

      terraform plan

      If you described the configuration correctly, the terminal will display a list of the resources to update and their parameters. This is a verification step that does not apply changes to your resources.

    2. If everything looks correct, apply the changes:

      1. Run this command:

        terraform apply

      2. Confirm updating the resources.

      3. Wait for the operation to complete.

    Timeouts

    The Terraform provider sets the following timeouts for Managed Service for PostgreSQL cluster operations:

    • Creating a cluster, including restoration from a backup: 30 minutes.
    • Updating a cluster: 60 minutes.
    • Deleting a cluster: 15 minutes.

    Operations exceeding the timeout are aborted.

    How can I change these timeouts?

    Add a timeouts section to the cluster description, e.g.:

    resource "yandex_mdb_postgresql_cluster" "<cluster_name>" {
  ...
  timeouts {
    create = "1h30m" # 1 hour 30 minutes
    update = "2h"    # 2 hours
    delete = "30m"   # 30 minutes
  }
}

  1. Get an IAM token for API authentication and put it in an environment variable:

    export IAM_TOKEN="<IAM_token>"

  2. Create a file named body.json and paste the following code into it:

    Warning

    The API method will assign default values to all the parameters of the object you are modifying unless you explicitly provide them in your request. To avoid this, list the settings you want to change in the updateMask parameter as a single comma-separated string.

    {
  "updateMask": "configSpec.poolerConfig,configSpec.backupWindowStart,configSpec.backupRetainPeriodDays,configSpec.access,configSpec.performanceDiagnostics.sessionsSamplingInterval,configSpec.performanceDiagnostics.statementsSamplingInterval,maintenanceWindow,deletionProtection",
  "configSpec": {
    "poolerConfig": {
      "poolingMode": "<connection_pooling_mode>",
      "poolDiscard": <clear_client_states_after_each_transaction>
    },
    "backupWindowStart": {
      "hours": "<hours>",
      "minutes": "<minutes>",
      "seconds": "<seconds>",
      "nanos": "<nanoseconds>"
    },
    "backupRetainPeriodDays": "<number_of_days>",
    "access": {
      "dataLens": <allow_access_from_DataLens>,
      "webSql": <allow_access_from_WebSQL>,
      "serverless": <allow_access_from_Cloud_Functions>,
      "dataTransfer": <allow_access_from_Data_Transfer>,
      "yandexQuery": <allow_access_from_Query>
    },
    "performanceDiagnostics": {
      "enabled": <enable_statistics_collection>,
      "sessionsSamplingInterval": "<session_sampling_interval>",
      "statementsSamplingInterval": "<statement_sampling_interval>"
    }
  },
  "maintenanceWindow": {
    "weeklyMaintenanceWindow": {
      "day": "<day_of_week>",
      "hour": "<hour>"
    }
  },
  "deletionProtection": <protect_cluster_from_deletion>
}

    Where:

    • updateMask: Comma-separated string of settings you want to update.

    • configSpec: Cluster settings:

      • poolerConfig: Connection pooler settings:

        • poolingMode: Connection pooler's operation mode. Possible values: SESSION, TRANSACTION, and STATEMENT. To learn more about each mode, see Managing PostgreSQL connections.
        • poolDiscard: Defines whether clients should discard their state after each transaction, true or false. Corresponds to the server_reset_query_always option for the PgBouncer connection pooler.

      • backupWindowStart: Backup window settings.

        Here, specify the backup start time. Allowed values:

        • hours: From 0 to 23 hours.
        • minutes: From 0 to 59 minutes.
        • seconds: From 0 to 59 seconds.
        • nanos: From 0 to 999999999 nanoseconds.

      • backupRetainPeriodDays: Number of days to retain the cluster backup. Possible values: between 7 and 60 days.

      • access: Cluster access settings for the following Yandex Cloud services:

        The possible values are true or false.

      • performanceDiagnostics: Statistics collection settings:

        • enabled: Enables statistics collection, true or false.
        • sessionsSamplingInterval: Session sampling interval. The values range from 1 to 86400 seconds.
        • statementsSamplingInterval: Statement sampling interval. The values range from 60 to 86400 seconds.

    • maintenanceWindow: Maintenance window settings, including for stopped clusters. In maintenanceWindow, provide one of the two values:

      • anytime: Maintenance can occur at any time.

      • weeklyMaintenanceWindow: Maintenance occurs once a week at the specified time:

        • day: Day of the week, in DDD format.
        • hour: Hour, in HH format. Allowed values range from 1 to 24 hours.

    • deletionProtection: Protection of the cluster, its databases, and users against deletion, true or false value.

      By default, when users and databases are created, this setting’s value is inherited from the cluster. You can also specify this setting manually. See User management and Database management for details.

      If the setting is changed on a running cluster, the new value will only be inherited by users and databases with the Same as cluster protection level.

      Even with deletion protection enabled, one can still connect to the cluster manually and delete the data.

    You can get the cluster ID with the list of clusters in the folder.

  3. Call the Cluster.Update method, e.g., via the following cURL request:

    curl \
  --request PATCH \
  --header "Authorization: Bearer $IAM_TOKEN" \
  --header "Content-Type: application/json" \
  --url 'https://mdb.api.cloud.yandex.net/managed-postgresql/v1/clusters/<cluster_ID>' \
  --data "@body.json"

  4. Check the server response to make sure your request was successful.

  1. Get an IAM token for API authentication and put it in an environment variable:

    export IAM_TOKEN="<IAM_token>"

  2. Clone the cloudapi repository:

    cd ~/ && git clone --depth=1 https://github.com/yandex-cloud/cloudapi

    Below, we assume that the repository contents reside in the ~/cloudapi/ directory.

  3. Create a file named body.json and paste the following code into it:

    Warning

    The API method will assign default values to all the parameters of the object you are modifying unless you explicitly provide them in your request. To avoid this, list the settings you want to change in the update_mask parameter as an array of paths[] strings.

    Format for listing settings
    "update_mask": {
    "paths": [
        "<setting_1>",
        "<setting_2>",
        ...
        "<setting_N>"
    ]
}

    {
  "cluster_id": "<cluster_ID>",
  "update_mask": {
    "paths": [
      "config_spec.pooler_config",
      "config_spec.backup_window_start",
      "config_spec.backup_retain_period_days",
      "config_spec.access",
      "config_spec.performance_diagnostics.sessions_sampling_interval",
      "config_spec.performance_diagnostics.statements_sampling_interval",
      "maintenance_window",
      "deletion_protection"
    ]
  },
  "config_spec": {
    "pooler_config": {
      "pooling_mode": "<connection_pooling_mode>",
      "pool_discard": <clear_client_states_after_each_transaction>
    },
    "backup_window_start": {
      "hours": "<hours>",
      "minutes": "<minutes>",
      "seconds": "<seconds>",
      "nanos": "<nanoseconds>"
    },
    "backup_retain_period_days": "<number_of_days>",
    "access": {
      "data_lens": <allow_access_from_DataLens>,
      "web_sql": <allow_access_from_WebSQL>,
      "serverless": <allow_access_from_Cloud_Functions>,
      "data_transfer": <allow_access_from_Data_Transfer>,
      "yandex_query": <allow_access_from_Query>
    },
    "performance_diagnostics": {
      "enabled": <enable_statistics_collection>,
      "sessions_sampling_interval": "<session_sampling_interval>",
      "statements_sampling_interval": "<statement_sampling_interval>"
    }
  },
  "maintenance_window": {
    "weekly_maintenance_window": {
      "day": "<day_of_week>",
      "hour": "<hour>"
    }
  },
  "deletion_protection": <protect_cluster_from_deletion>
}

    Where:

    • update_mask: List of parameters to update as an array of strings (paths[]).

    • config_spec: Cluster settings:

      • pooler_config: Connection pooler settings:

        • pooling_mode: Connection pooler's operation mode. Possible values: SESSION, TRANSACTION, and STATEMENT. To learn more about each mode, see Managing PostgreSQL connections.
        • pool_discard: Defines whether clients should discard their state after each transaction, true or false. Corresponds to the server_reset_query_always option for the PgBouncer connection pooler.

      • backup_window_start: Backup window settings.

        Here, specify the backup start time. Allowed values:

        • hours: From 0 to 23 hours.
        • minutes: From 0 to 59 minutes.
        • seconds: From 0 to 59 seconds.
        • nanos: From 0 to 999999999 nanoseconds.

      • backup_retain_period_days: Number of days to retain the cluster backup. Possible values: between 7 and 60 days.

      • access: Cluster access settings for the following Yandex Cloud services:

        The possible values are true or false.

      • performance_diagnostics: Statistics collection settings:

        • enabled: Enables statistics collection, true or false.
        • sessions_sampling_interval: Session sampling interval. The values range from 1 to 86400 seconds.
        • statements_sampling_interval: Statement sampling interval. The values range from 60 to 86400 seconds.

    • maintenance_window: Maintenance window settings, including for stopped clusters. In maintenance_window, provide one of the two values:

      • anytime: Maintenance can take place at any time.

      • weekly_maintenance_window: Maintenance occurs once a week at the specified time:

        • day: Day of the week, in DDD format.
        • hour: Hour, in HH format. Allowed values range from 1 to 24 hours.

    • deletion_protection: Protection of the cluster, its databases, and users against deletion, true or false value.

      By default, when users and databases are created, this setting’s value is inherited from the cluster. You can also specify this setting manually. See User management and Database management for details.

      If the setting is changed on a running cluster, the new value will only be inherited by users and databases with the Same as cluster protection level.

      Even with deletion protection enabled, one can still connect to the cluster manually and delete the data.

    You can get the cluster ID with the list of clusters in the folder.

  4. Call the ClusterService.Update method, e.g., via the following gRPCurl request:

    grpcurl \
  -format json \
  -import-path ~/cloudapi/ \
  -import-path ~/cloudapi/third_party/googleapis/ \
  -proto ~/cloudapi/yandex/cloud/mdb/postgresql/v1/cluster_service.proto \
  -rpc-header "Authorization: Bearer $IAM_TOKEN" \
  -d @ \
  mdb.api.cloud.yandex.net:443 \
  yandex.cloud.mdb.postgresql.v1.ClusterService.Update \
  < body.json

  5. Check the server response to make sure your request was successful.

Connection Manager

If you cluster has no integration with Connection Manager, enable Use Connection Manager. You can only do it in the management console.

The following resources will be created for each database user:

The connection and secret will be created for each new database user. To view all connections, open the Connections tab on the cluster page.

You need the connection-manager.viewer role to view the connection details. You can use Connection Manager to configure access to connections.

Note

Connection Manager and secrets created with it are free of charge.

Manual master failover

In a fault-tolerant multi-host Managed Service for PostgreSQL cluster, you can perform a manual failover from the current master host to one of the replicas. Once this operation is complete, the former master host will act as a replica to the new master.

Master failover specifics in Managed Service for PostgreSQL

  • A replica with an explicitly defined replication source cannot be promoted to master.
  • Unless the replica name for promotion is explicitly specified, the master will fail over to one of the quorum replicas.

To learn more, see Replication.

To perform a master failover:

  1. Go to Managed Service for PostgreSQL.
  2. Click the name of your cluster and select the Hosts tab.
  3. Click Switch master.
    • To switch the master to one of the quorum replicas, leave the Choose master host automatically option enabled.
    • To switch the master to a specific replica, disable the Choose master host automatically option and select the required replica from the drop-down list.
  4. Click Switch.

If you do not have the Yandex Cloud CLI installed yet, install and initialize it.

By default, the CLI uses the folder specified when creating the profile. To change the default folder, use the yc config set folder-id <folder_ID> command. You can also set a different folder for any specific command using the --folder-name or --folder-id parameter.

Run this command:

yc managed-postgresql cluster start-failover <cluster_name_or_ID> \
    --host <replica_host_name>

You can get the replica name from the cluster’s host list and the cluster name from the folder’s cluster list.

  1. Open the current Terraform configuration file describing your infrastructure.

    To learn how to create this file, see Creating a cluster.

    For a complete list of Managed Service for PostgreSQL cluster configuration fields you can update, see this Terraform provider guide.

  2. In the host_master_name argument, specify the name of the replica you want to promote.

    resource "yandex_mdb_postgresql_cluster" "<cluster_name>" {
  ...
  host_master_name = "<replica_host_name>"
}

    Where host_master_name is the name of the replica host, i.e., the name attribute of the appropriate host section.

  3. Make sure the settings are correct.

    1. In the command line, navigate to the directory that contains the current Terraform configuration files defining the infrastructure.

    2. Run this command:

      terraform validate

      Terraform will show any errors found in your configuration files.

  4. Confirm updating the resources.

    1. Run this command to view the planned changes:

      terraform plan

      If you described the configuration correctly, the terminal will display a list of the resources to update and their parameters. This is a verification step that does not apply changes to your resources.

    2. If everything looks correct, apply the changes:

      1. Run this command:

        terraform apply

      2. Confirm updating the resources.

      3. Wait for the operation to complete.

    Timeouts

    The Terraform provider sets the following timeouts for Managed Service for PostgreSQL cluster operations:

    • Creating a cluster, including restoration from a backup: 30 minutes.
    • Updating a cluster: 60 minutes.
    • Deleting a cluster: 15 minutes.

    Operations exceeding the timeout are aborted.

    How can I change these timeouts?

    Add a timeouts section to the cluster description, e.g.:

    resource "yandex_mdb_postgresql_cluster" "<cluster_name>" {
  ...
  timeouts {
    create = "1h30m" # 1 hour 30 minutes
    update = "2h"    # 2 hours
    delete = "30m"   # 30 minutes
  }
}

  1. Get an IAM token for API authentication and put it in an environment variable:

    export IAM_TOKEN="<IAM_token>"

  2. Call the Cluster.StartFailover method, e.g., via the following cURL request:

    curl \
  --request POST \
  --header "Authorization: Bearer $IAM_TOKEN" \
  --header "Content-Type: application/json" \
  --url 'https://mdb.api.cloud.yandex.net/managed-postgresql/v1/clusters/<cluster_ID>:startFailover' \
  --data '{
            "hostName": "<host_FQDN>"
          }'

    Where hostName is the FQDN of the replica promoted to master.

    You can get the cluster ID with the list of clusters in the folder.

  3. Check the server response to make sure your request was successful.

  1. Get an IAM token for API authentication and put it in an environment variable:

    export IAM_TOKEN="<IAM_token>"

  2. Clone the cloudapi repository:

    cd ~/ && git clone --depth=1 https://github.com/yandex-cloud/cloudapi

    Below, we assume that the repository contents reside in the ~/cloudapi/ directory.

  3. Call the ClusterService.StartFailover method, e.g., via the following gRPCurl request:

    grpcurl \
  -format json \
  -import-path ~/cloudapi/ \
  -import-path ~/cloudapi/third_party/googleapis/ \
  -proto ~/cloudapi/yandex/cloud/mdb/postgresql/v1/cluster_service.proto \
  -rpc-header "Authorization: Bearer $IAM_TOKEN" \
  -d '{
        "cluster_id": "<cluster_ID>",
        "host_name": "<host_FQDN>"
      }' \
  mdb.api.cloud.yandex.net:443 \
  yandex.cloud.mdb.postgresql.v1.ClusterService.StartFailover

    Where host_name is the FQDN of the replica promoted to master.

    You can get the cluster ID with the list of clusters in the folder.

  4. Check the server response to make sure your request was successful.

Moving a cluster

  1. Go to Managed Service for PostgreSQL.
  2. Click next to the cluster you want to move.
  3. Select Move.
  4. Select the destination folder for your cluster.
  5. Click Move.

If you do not have the Yandex Cloud CLI installed yet, install and initialize it.

By default, the CLI uses the folder specified when creating the profile. To change the default folder, use the yc config set folder-id <folder_ID> command. You can also set a different folder for any specific command using the --folder-name or --folder-id parameter.

To move a cluster:

  1. View the description of the CLI command for moving a cluster:

    yc managed-postgresql cluster move --help

  2. Specify the destination folder in the cluster move command:

    yc managed-postgresql cluster move <cluster_ID> \
   --destination-folder-name=<destination_folder_name>

    You can get the cluster ID with the list of clusters in the folder.

  1. Open the current Terraform configuration file describing your infrastructure.

    Learn how to create this file in Creating a cluster.

  2. In the Managed Service for PostgreSQL cluster description, edit or add the folder_id parameter value:

    resource "yandex_mdb_postgresql_cluster" "<cluster_name>" {
  ...
  folder_id = "<destination_folder_ID>"
}

  3. Make sure the settings are correct.

    1. In the command line, navigate to the directory that contains the current Terraform configuration files defining the infrastructure.

    2. Run this command:

      terraform validate

      Terraform will show any errors found in your configuration files.

  4. Confirm updating the resources.

    1. Run this command to view the planned changes:

      terraform plan

      If you described the configuration correctly, the terminal will display a list of the resources to update and their parameters. This is a verification step that does not apply changes to your resources.

    2. If everything looks correct, apply the changes:

      1. Run this command:

        terraform apply

      2. Confirm updating the resources.

      3. Wait for the operation to complete.

For more information, see this Terraform provider article.

Timeouts

The Terraform provider sets the following timeouts for Managed Service for PostgreSQL cluster operations:

  • Creating a cluster, including restoration from a backup: 30 minutes.
  • Updating a cluster: 60 minutes.
  • Deleting a cluster: 15 minutes.

Operations exceeding the timeout are aborted.

How can I change these timeouts?

Add a timeouts section to the cluster description, e.g.:

resource "yandex_mdb_postgresql_cluster" "<cluster_name>" {
  ...
  timeouts {
    create = "1h30m" # 1 hour 30 minutes
    update = "2h"    # 2 hours
    delete = "30m"   # 30 minutes
  }
}

  1. Get an IAM token for API authentication and put it in an environment variable:

    export IAM_TOKEN="<IAM_token>"

  2. Call the Cluster.Move method, e.g., via the following cURL request:

    curl \
  --request POST \
  --header "Authorization: Bearer $IAM_TOKEN" \
  --header "Content-Type: application/json" \
  --url 'https://mdb.api.cloud.yandex.net/managed-postgresql/v1/clusters/<cluster_ID>:move' \
  --data '{
            "destinationFolderId": "<folder_ID>"
          }'

    Where destinationFolderId is the ID of the target folder for your cluster. You can get this ID with the list of folders in the cloud.

    You can get the cluster ID with the list of clusters in the folder.

  3. Check the server response to make sure your request was successful.

  1. Get an IAM token for API authentication and put it in an environment variable:

    export IAM_TOKEN="<IAM_token>"

  2. Clone the cloudapi repository:

    cd ~/ && git clone --depth=1 https://github.com/yandex-cloud/cloudapi

    Below, we assume that the repository contents reside in the ~/cloudapi/ directory.

  3. Call the ClusterService.Move method, e.g., via the following gRPCurl request:

    grpcurl \
  -format json \
  -import-path ~/cloudapi/ \
  -import-path ~/cloudapi/third_party/googleapis/ \
  -proto ~/cloudapi/yandex/cloud/mdb/postgresql/v1/cluster_service.proto \
  -rpc-header "Authorization: Bearer $IAM_TOKEN" \
  -d '{
        "cluster_id": "<cluster_ID>",
        "destination_folder_id": "<folder_ID>"
      }' \
  mdb.api.cloud.yandex.net:443 \
  yandex.cloud.mdb.postgresql.v1.ClusterService.Move

    Where destination_folder_id is the ID of the target folder for your cluster. You can get this ID with the list of folders in the cloud.

    You can get the cluster ID with the list of clusters in the folder.

  4. Check the server response to make sure your request was successful.

After the move, the cluster will still use the cloud network from the original folder. To host the cluster in another cloud network, use the restore from a backup feature, specifying the target network for the restored cluster.

To move a cluster to a different availability zone, follow this guide. Following this procedure, you will move the cluster hosts.

Updating security groups

  1. Go to Managed Service for PostgreSQL.
  2. Select your cluster and click Edit in the top panel.
  3. Under Network settings, select the security groups for cluster network traffic.

If you do not have the Yandex Cloud CLI installed yet, install and initialize it.

By default, the CLI uses the folder specified when creating the profile. To change the default folder, use the yc config set folder-id <folder_ID> command. You can also set a different folder for any specific command using the --folder-name or --folder-id parameter.

To edit the list of security groups for your cluster:

  1. View the description of the CLI command for updating a cluster:

    yc managed-postgresql cluster update --help

  2. Specify the security groups in the cluster update command:

    yc managed-postgresql cluster update <cluster_name_or_ID> \
    --security-group-ids <list_of_security_group_IDs>

  1. Open the current Terraform configuration file describing your infrastructure.

    To learn how to create this file, see Creating a cluster.

    For a complete list of Managed Service for PostgreSQL cluster configuration fields you can update, see this Terraform provider guide.

  2. Edit the security_group_ids value in the cluster description:

    resource "yandex_mdb_postgresql_cluster" "<cluster_name>" {
  ...
  security_group_ids = [ <list_of_security_group_IDs> ]
}

  3. Make sure the settings are correct.

    1. In the command line, navigate to the directory that contains the current Terraform configuration files defining the infrastructure.

    2. Run this command:

      terraform validate

      Terraform will show any errors found in your configuration files.

  4. Confirm updating the resources.

    1. Run this command to view the planned changes:

      terraform plan

      If you described the configuration correctly, the terminal will display a list of the resources to update and their parameters. This is a verification step that does not apply changes to your resources.

    2. If everything looks correct, apply the changes:

      1. Run this command:

        terraform apply

      2. Confirm updating the resources.

      3. Wait for the operation to complete.

    Timeouts

    The Terraform provider sets the following timeouts for Managed Service for PostgreSQL cluster operations:

    • Creating a cluster, including restoration from a backup: 30 minutes.
    • Updating a cluster: 60 minutes.
    • Deleting a cluster: 15 minutes.

    Operations exceeding the timeout are aborted.

    How can I change these timeouts?

    Add a timeouts section to the cluster description, e.g.:

    resource "yandex_mdb_postgresql_cluster" "<cluster_name>" {
  ...
  timeouts {
    create = "1h30m" # 1 hour 30 minutes
    update = "2h"    # 2 hours
    delete = "30m"   # 30 minutes
  }
}

  1. Get an IAM token for API authentication and put it in an environment variable:

    export IAM_TOKEN="<IAM_token>"

  2. Use the Cluster.Update method and send the following request, e.g., via cURL:

    Warning

    The API method will assign default values to all the parameters of the object you are modifying unless you explicitly provide them in your request. To avoid this, list the settings you want to change in the updateMask parameter as a single comma-separated string.

    curl \
  --request PATCH \
  --header "Authorization: Bearer $IAM_TOKEN" \
  --header "Content-Type: application/json" \
  --url 'https://mdb.api.cloud.yandex.net/managed-postgresql/v1/clusters/<cluster_ID>' \
  --data '{
            "updateMask": "securityGroupIds",
            "securityGroupIds": [
              "<security_group_1_ID>",
              "<security_group_2_ID>",
              ...
              "<security_group_N_ID>"
            ]
          }'

    Where:

    • updateMask: Comma-separated string of settings you want to update.

      Here, we provide only one setting.

    • securityGroupIds: New security groups, formatted as an array.

    You can get the cluster ID with the list of clusters in the folder.

  3. Check the server response to make sure your request was successful.

  1. Get an IAM token for API authentication and put it in an environment variable:

    export IAM_TOKEN="<IAM_token>"

  2. Clone the cloudapi repository:

    cd ~/ && git clone --depth=1 https://github.com/yandex-cloud/cloudapi

    Below, we assume that the repository contents reside in the ~/cloudapi/ directory.

  3. Use the ClusterService.Update call and send the following request, e.g., via gRPCurl:

    Warning

    The API method will assign default values to all the parameters of the object you are modifying unless you explicitly provide them in your request. To avoid this, list the settings you want to change in the update_mask parameter as an array of paths[] strings.

    Format for listing settings
    "update_mask": {
    "paths": [
        "<setting_1>",
        "<setting_2>",
        ...
        "<setting_N>"
    ]
}

    grpcurl \
  -format json \
  -import-path ~/cloudapi/ \
  -import-path ~/cloudapi/third_party/googleapis/ \
  -proto ~/cloudapi/yandex/cloud/mdb/postgresql/v1/cluster_service.proto \
  -rpc-header "Authorization: Bearer $IAM_TOKEN" \
  -d '{
        "cluster_id": "<cluster_ID>",
        "update_mask": {
          "paths": [
            "security_group_ids"
          ]
        },
        "security_group_ids": [
          "<security_group_1_ID>",
          "<security_group_2_ID>",
          ...
          "<security_group_N_ID>"
        ]
      }' \
  mdb.api.cloud.yandex.net:443 \
  yandex.cloud.mdb.postgresql.v1.ClusterService.Update

    Where:

    • update_mask: List of parameters to update as an array of strings (paths[]).

      Here, we provide only one setting.

    • security_group_ids: New security groups, formatted as an array.

    You can get the cluster ID with the list of clusters in the folder.

  4. Check the server response to make sure your request was successful.

Warning

You may need to additionally configure security groups to connect to the cluster.

Previous
Creating a cluster
Next
Stopping and starting a cluster