Contact UsTry it for free
© 2026 Direct Cursus Technology L.L.C.

yandex_mdb_postgresql_user (Resource)

Written by
Updated at April 9, 2026

Manages a PostgreSQL user within the Yandex Cloud. For more information, see the official documentation.

Example usage

//
// Create a new MDB PostgreSQL database User.
//
resource "yandex_mdb_postgresql_user" "my_user" {
  cluster_id = yandex_mdb_postgresql_cluster.my_cluster.id
  name       = "alice"
  password   = "password"
  conn_limit = 50
  settings = {
    default_transaction_isolation = "read committed"
    log_min_duration_statement    = 5000
  }
}

resource "yandex_mdb_postgresql_cluster" "my_cluster" {
  name        = "test"
  environment = "PRESTABLE"
  network_id  = yandex_vpc_network.foo.id

  config {
    version = 15
    resources {
      resource_preset_id = "s2.micro"
      disk_type_id       = "network-ssd"
      disk_size          = 16
    }
  }

  host {
    zone      = "ru-central1-d"
    subnet_id = yandex_vpc_subnet.foo.id
  }
}

// Auxiliary resources
resource "yandex_vpc_network" "foo" {}

resource "yandex_vpc_subnet" "foo" {
  zone           = "ru-central1-d"
  network_id     = yandex_vpc_network.foo.id
  v4_cidr_blocks = ["10.5.0.0/24"]
}

Arguments & Attributes Reference

  • auth_method (String). Authentication method for the user. Possible values are AUTH_METHOD_PASSWORD, AUTH_METHOD_IAM. Default is AUTH_METHOD_PASSWORD.
  • cluster_id (Required)(String). The ID of the PostgreSQL cluster.
  • conn_limit (Number). The maximum number of connections per user. (Default 50).
  • connection_manager (Read-Only) (Map Of String). Connection Manager connection configuration. Filled in by the server automatically.
  • deletion_protection (String). The true value means that resource is protected from accidental deletion.
  • generate_password (Bool). Generate password using Connection Manager. Allowed values: true or false. It's used only during user creation and is ignored during updating.

Warning

Must specify either password or generate_password.

  • grants (List Of String). List of the user's grants.

  • id (String).

  • login (Bool). User's ability to login.

  • name (Required)(String). The name of the PostgreSQL user.

  • password (String). The password of the user.

  • settings (Map Of String). Map of user settings. Full description.

    • default_transaction_isolation - defines the default isolation level to be set for all new SQL transactions. One of:

      • read uncommitted
      • read committed
      • repeatable read
      • serializable

    • lock_timeout - The maximum time (in milliseconds) for any statement to wait for acquiring a lock on an table, index, row or other database object (default 0)

    • log_min_duration_statement - This setting controls logging of the duration of statements. (default -1 disables logging of the duration of statements.)

    • synchronous_commit - This setting defines whether DBMS will commit transaction in a synchronous way. One of:

      • on
      • off
      • local
      • remote write
      • remote apply

    • temp_file_limit - The maximum storage space size (in kilobytes) that a single process can use to create temporary files.

    • log_statement - This setting specifies which SQL statements should be logged (on the user level). One of:

      • none
      • ddl
      • mod
      • all

    • pool_mode - Mode that the connection pooler is working in with specified user. One of:

      • session
      • transaction
      • statement

    • prepared_statements_pooling - This setting allows user to use prepared statements with transaction pooling. Boolean.

    • catchup_timeout - The connection pooler setting. It determines the maximum allowed replication lag (in seconds). Pooler will reject connections to the replica with a lag above this threshold. Default value is 0, which disables this feature. Integer.

    • wal_sender_timeout - The maximum time (in milliseconds) to wait for WAL replication (can be set only for PostgreSQL 12+). Terminate replication connections that are inactive for longer than this amount of time. Integer.

    • idle_in_transaction_session_timeout - Sets the maximum allowed idle time (in milliseconds) between queries, when in a transaction. Value of 0 (default) disables the timeout. Integer.

    • statement_timeout - The maximum time (in milliseconds) to wait for statement. Value of 0 (default) disables the timeout. Integer.

    • pgaudit - Settings of the PostgreSQL Audit Extension (pgaudit). Full description. String (json with with escaped quotes). Example "{\"log\": [\"READ\", \"WRITE\"]}"

  • user_password_encryption (String). Password-based authentication method for user.
    Possible values are USER_PASSWORD_ENCRYPTION_MD5 or USER_PASSWORD_ENCRYPTION_SCRAM_SHA_256.
    The default is password_encryption setting for cluster.

  • permission [Block]. Set of permissions granted to the user.

    • database_name (Required)(String). The name of the database that the permission grants access to.

  • timeouts [Block].

    • create (String).
    • delete (String).
    • read (String).
    • update (String).

Import

The resource can be imported by using their resource ID. For getting it you can use Yandex Cloud Web Console or Yandex Cloud CLI.

# terraform import yandex_mdb_postgresql_user.<resource Name> <resource Id>
terraform import yandex_mdb_postgresql_user.my_user ...
Previous
mdb_postgresql_database
Next
mdb_sharded_postgresql_cluster