Skip to content

azurermPostgresqlFlexibleServer

Manages a PostgreSQL Flexible Server.

Example Usage

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as azurerm from "./.gen/providers/azurerm";
/*The following providers are missing schema information and might need manual adjustments to synthesize correctly: azurerm.
For a more precise conversion please use the --provider flag in convert.*/
new azurerm.provider.AzurermProvider(this, "azurerm", {
  features: [{}],
});
const azurermResourceGroupExample = new azurerm.resourceGroup.ResourceGroup(
  this,
  "example",
  {
    location: "West Europe",
    name: "example-resources",
  }
);
const azurermVirtualNetworkExample = new azurerm.virtualNetwork.VirtualNetwork(
  this,
  "example_2",
  {
    address_space: ["10.0.0.0/16"],
    location: azurermResourceGroupExample.location,
    name: "example-vn",
    resource_group_name: azurermResourceGroupExample.name,
  }
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermVirtualNetworkExample.overrideLogicalId("example");
const azurermPrivateDnsZoneExample = new azurerm.privateDnsZone.PrivateDnsZone(
  this,
  "example_3",
  {
    name: "example.postgres.database.azure.com",
    resource_group_name: azurermResourceGroupExample.name,
  }
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermPrivateDnsZoneExample.overrideLogicalId("example");
const azurermPrivateDnsZoneVirtualNetworkLinkExample =
  new azurerm.privateDnsZoneVirtualNetworkLink.PrivateDnsZoneVirtualNetworkLink(
    this,
    "example_4",
    {
      name: "exampleVnetZone.com",
      private_dns_zone_name: azurermPrivateDnsZoneExample.name,
      resource_group_name: azurermResourceGroupExample.name,
      virtual_network_id: azurermVirtualNetworkExample.id,
    }
  );
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermPrivateDnsZoneVirtualNetworkLinkExample.overrideLogicalId("example");
const azurermSubnetExample = new azurerm.subnet.Subnet(this, "example_5", {
  address_prefixes: ["10.0.2.0/24"],
  delegation: [
    {
      name: "fs",
      service_delegation: [
        {
          actions: ["Microsoft.Network/virtualNetworks/subnets/join/action"],
          name: "Microsoft.DBforPostgreSQL/flexibleServers",
        },
      ],
    },
  ],
  name: "example-sn",
  resource_group_name: azurermResourceGroupExample.name,
  service_endpoints: ["Microsoft.Storage"],
  virtual_network_name: azurermVirtualNetworkExample.name,
});
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermSubnetExample.overrideLogicalId("example");
const azurermPostgresqlFlexibleServerExample =
  new azurerm.postgresqlFlexibleServer.PostgresqlFlexibleServer(
    this,
    "example_6",
    {
      administrator_login: "psqladmin",
      administrator_password: "H@Sh1CoR3!",
      delegated_subnet_id: azurermSubnetExample.id,
      depends_on: [`\${${azurermPrivateDnsZoneVirtualNetworkLinkExample.fqn}}`],
      location: azurermResourceGroupExample.location,
      name: "example-psqlflexibleserver",
      private_dns_zone_id: azurermPrivateDnsZoneExample.id,
      resource_group_name: azurermResourceGroupExample.name,
      sku_name: "GP_Standard_D4s_v3",
      storage_mb: 32768,
      version: "12",
      zone: "1",
    }
  );
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermPostgresqlFlexibleServerExample.overrideLogicalId("example");

Arguments Reference

The following arguments are supported:

  • name - (Required) The name which should be used for this PostgreSQL Flexible Server. Changing this forces a new PostgreSQL Flexible Server to be created.

\~> Note This must be unique across the entire Azure service, not just within the resource group.

  • resourceGroupName - (Required) The name of the Resource Group where the PostgreSQL Flexible Server should exist. Changing this forces a new PostgreSQL Flexible Server to be created.

  • location - (Required) The Azure Region where the PostgreSQL Flexible Server should exist. Changing this forces a new PostgreSQL Flexible Server to be created.

  • administratorLogin - (Optional) The Administrator login for the PostgreSQL Flexible Server. Required when createMode is default and authenticationPasswordAuthEnabled is true.

-> Note: Once administratorLogin is specified, changing this forces a new PostgreSQL Flexible Server to be created.

  • administratorPassword - (Optional) The Password associated with the administratorLogin for the PostgreSQL Flexible Server. Required when createMode is default and authenticationPasswordAuthEnabled is true.

  • authentication - (Optional) An authentication block as defined below.

  • backupRetentionDays - (Optional) The backup retention days for the PostgreSQL Flexible Server. Possible values are between 7 and 35 days.

  • customerManagedKey - (Optional) A customerManagedKey block as defined below. Changing this forces a new resource to be created.

  • geoRedundantBackupEnabled - (Optional) Is Geo-Redundant backup enabled on the PostgreSQL Flexible Server. Defaults to false. Changing this forces a new PostgreSQL Flexible Server to be created.

  • createMode - (Optional) The creation mode which can be used to restore or replicate existing servers. Possible values are default, pointInTimeRestore, replica and update. Changing this forces a new PostgreSQL Flexible Server to be created.

-> Note: While creating the resource, createMode cannot be set to update.

  • delegatedSubnetId - (Optional) The ID of the virtual network subnet to create the PostgreSQL Flexible Server. The provided subnet should not have any other resource deployed in it and this subnet will be delegated to the PostgreSQL Flexible Server, if not already delegated. Changing this forces a new PostgreSQL Flexible Server to be created.

  • privateDnsZoneId - (Optional) The ID of the private DNS zone to create the PostgreSQL Flexible Server. Changing this forces a new PostgreSQL Flexible Server to be created.

\~> NOTE: There will be a breaking change from upstream service at 15th July 2021, the privateDnsZoneId will be required when setting a delegatedSubnetId. For existing flexible servers who don't want to be recreated, you need to provide the privateDnsZoneId to the service team to manually migrate to the specified private DNS zone. The azurermPrivateDnsZone should end with suffix postgresDatabaseAzureCom.

  • highAvailability - (Optional) A highAvailability block as defined below.

  • identity - (Optional) An identity block as defined below.

  • maintenanceWindow - (Optional) A maintenanceWindow block as defined below.

  • pointInTimeRestoreTimeInUtc - (Optional) The point in time to restore from sourceServerId when createMode is pointInTimeRestore. Changing this forces a new PostgreSQL Flexible Server to be created.

  • replicationRole - (Optional) The replication role for the PostgreSQL Flexible Server. Possible value is none.

\~> NOTE: The replicationRole cannot be set while creating and only can be updated to none for replica server.

  • skuName - (Optional) The SKU Name for the PostgreSQL Flexible Server. The name of the SKU, follows the tier + name pattern (e.g. bStandardB1Ms, gpStandardD2SV3, moStandardE4SV3).

  • sourceServerId - (Optional) The resource ID of the source PostgreSQL Flexible Server to be restored. Required when createMode is pointInTimeRestore or replica. Changing this forces a new PostgreSQL Flexible Server to be created.

  • storageMb - (Optional) The max storage allowed for the PostgreSQL Flexible Server. Possible values are 32768, 65536, 131072, 262144, 524288, 1048576, 2097152, 4194304, 8388608, and 16777216.

  • tags - (Optional) A mapping of tags which should be assigned to the PostgreSQL Flexible Server.

  • version - (Optional) The version of PostgreSQL Flexible Server to use. Possible values are 11,12, 13 and 14. Required when createMode is default. Changing this forces a new PostgreSQL Flexible Server to be created.

-> Note: When createMode is update, upgrading version wouldn't force a new resource to be created.

  • zone - (Optional) Specifies the Availability Zone in which the PostgreSQL Flexible Server should be located.

-> Note: Azure will automatically assign an Availability Zone if one is not specified. If the PostgreSQL Flexible Server fails-over to the Standby Availability Zone, the zone will be updated to reflect the current Primary Availability Zone. You can use Terraform's ignoreChanges functionality to ignore changes to the zone and highAvailability0StandbyAvailabilityZone fields should you wish for Terraform to not migrate the PostgreSQL Flexible Server back to it's primary Availability Zone after a fail-over.

-> Note: The Availability Zones available depend on the Azure Region that the PostgreSQL Flexible Server is being deployed into - see the Azure Availability Zones documentation for more information on which Availability Zones are available in each Azure Region.

An authentication block supports the following:

  • activeDirectoryAuthEnabled - (Optional) Whether or not Active Directory authentication is allowed to access the PostgreSQL Flexible Server. Defaults to false.

  • passwordAuthEnabled - (Optional) Whether or not password authentication is allowed to access the PostgreSQL Flexible Server. Defaults to true.

-> NOTE: When passwordAuthEnabled is set to false, administratorLogin and administratorPassword must not be specified.

  • tenantId - (Optional) The Tenant ID of the Azure Active Directory which is used by the Active Directory authentication. activeDirectoryAuthEnabled must be set to true.

-> Note: Setting activeDirectoryAuthEnabled to true requires a Service Principal for the Postgres Flexible Server. For more details see this document.

-> Note: tenantId is required when activeDirectoryAuthEnabled is set to true. And it should not be specified when activeDirectoryAuthEnabled is set to false

A customerManagedKey block supports the following:

  • keyVaultKeyId - (Optional) The ID of the Key Vault Key.

  • primaryUserAssignedIdentityId - (Optional) Specifies the primary user managed identity id for a Customer Managed Key. Should be added with identityIds.

\~> NOTE: This is required when type is set to userAssigned or systemAssigned,UserAssigned.

An identity block supports the following:

  • type - (Required) Specifies the type of Managed Service Identity that should be configured on this PostgreSQL Flexible Server. Should be set to userAssigned, systemAssigned,UserAssigned (to enable both).

  • identityIds - (Optional) A list of User Assigned Managed Identity IDs to be assigned to this PostgreSQL Flexible Server. Required if used together with customerManagedKey block.

\~> NOTE: This is required when type is set to userAssigned or systemAssigned,UserAssigned.

A maintenanceWindow block supports the following:

  • dayOfWeek - (Optional) The day of week for maintenance window, where the week starts on a Sunday, i.e. Sunday = 0, Monday = 1. Defaults to 0.

  • startHour - (Optional) The start hour for maintenance window. Defaults to 0.

  • startMinute - (Optional) The start minute for maintenance window. Defaults to 0.

A highAvailability block supports the following:

  • mode - (Required) The high availability mode for the PostgreSQL Flexible Server. Possible value are sameZone or zoneRedundant.

  • standbyAvailabilityZone - (Optional) Specifies the Availability Zone in which the standby Flexible Server should be located.

-> Note: Azure will automatically assign an Availability Zone if one is not specified. If the PostgreSQL Flexible Server fails-over to the Standby Availability Zone, the zone will be updated to reflect the current Primary Availability Zone. You can use Terraform's ignoreChanges functionality to ignore changes to the zone and highAvailability0StandbyAvailabilityZone fields should you wish for Terraform to not migrate the PostgreSQL Flexible Server back to it's primary Availability Zone after a fail-over.

-> Note: The Availability Zones available depend on the Azure Region that the PostgreSQL Flexible Server is being deployed into - see the Azure Availability Zones documentation for more information on which Availability Zones are available in each Azure Region.

Attributes Reference

In addition to the Arguments listed above - the following Attributes are exported:

  • id - The ID of the PostgreSQL Flexible Server.

  • fqdn - The FQDN of the PostgreSQL Flexible Server.

  • publicNetworkAccessEnabled - Is public network access enabled?

Timeouts

The timeouts block allows you to specify timeouts for certain actions:

  • create - (Defaults to 1 hour) Used when creating the PostgreSQL Flexible Server.
  • read - (Defaults to 5 minutes) Used when retrieving the PostgreSQL Flexible Server.
  • update - (Defaults to 1 hour) Used when updating the PostgreSQL Flexible Server.
  • delete - (Defaults to 1 hour) Used when deleting the PostgreSQL Flexible Server.

Import

PostgreSQL Flexible Servers can be imported using the resourceId, e.g.

terraform import azurerm_postgresql_flexible_server.example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/mygroup1/providers/Microsoft.DBforPostgreSQL/flexibleServers/server1