The aws:lightsail/database:Database resource, part of the Pulumi AWS provider, provisions fully managed MySQL or PostgreSQL databases with automated backups, monitoring, and maintenance. This guide focuses on three capabilities: engine and bundle selection, backup and maintenance scheduling, and deletion protection with snapshots.
Lightsail databases run in specific AWS regions; verify Lightsail availability in your target region before deployment. The examples are intentionally small. Combine them with your own network configuration and access controls.
Create a MySQL database with basic configuration
Most deployments start by selecting an engine, choosing a bundle size, and specifying master credentials.
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const example = new aws.lightsail.Database("example", {
relationalDatabaseName: "example-database",
availabilityZone: "us-east-1a",
masterDatabaseName: "exampledb",
masterPassword: "examplepassword123",
masterUsername: "exampleuser",
blueprintId: "mysql_8_0",
bundleId: "micro_1_0",
});
import pulumi
import pulumi_aws as aws
example = aws.lightsail.Database("example",
relational_database_name="example-database",
availability_zone="us-east-1a",
master_database_name="exampledb",
master_password="examplepassword123",
master_username="exampleuser",
blueprint_id="mysql_8_0",
bundle_id="micro_1_0")
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v7/go/aws/lightsail"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := lightsail.NewDatabase(ctx, "example", &lightsail.DatabaseArgs{
RelationalDatabaseName: pulumi.String("example-database"),
AvailabilityZone: pulumi.String("us-east-1a"),
MasterDatabaseName: pulumi.String("exampledb"),
MasterPassword: pulumi.String("examplepassword123"),
MasterUsername: pulumi.String("exampleuser"),
BlueprintId: pulumi.String("mysql_8_0"),
BundleId: pulumi.String("micro_1_0"),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var example = new Aws.LightSail.Database("example", new()
{
RelationalDatabaseName = "example-database",
AvailabilityZone = "us-east-1a",
MasterDatabaseName = "exampledb",
MasterPassword = "examplepassword123",
MasterUsername = "exampleuser",
BlueprintId = "mysql_8_0",
BundleId = "micro_1_0",
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.lightsail.Database;
import com.pulumi.aws.lightsail.DatabaseArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new Database("example", DatabaseArgs.builder()
.relationalDatabaseName("example-database")
.availabilityZone("us-east-1a")
.masterDatabaseName("exampledb")
.masterPassword("examplepassword123")
.masterUsername("exampleuser")
.blueprintId("mysql_8_0")
.bundleId("micro_1_0")
.build());
}
}
resources:
example:
type: aws:lightsail:Database
properties:
relationalDatabaseName: example-database
availabilityZone: us-east-1a
masterDatabaseName: exampledb
masterPassword: examplepassword123
masterUsername: exampleuser
blueprintId: mysql_8_0
bundleId: micro_1_0
The blueprintId selects the database engine and version (e.g., mysql_8_0, postgres_12). The bundleId determines CPU, RAM, and disk size (e.g., micro_1_0 for small workloads). The masterDatabaseName, masterUsername, and masterPassword establish initial access. Without explicit scheduling, AWS manages backup and maintenance windows automatically.
Schedule backup and maintenance windows
Production databases need predictable schedules to avoid disrupting business operations.
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const example = new aws.lightsail.Database("example", {
relationalDatabaseName: "example-database",
availabilityZone: "us-east-1a",
masterDatabaseName: "exampledb",
masterPassword: "examplepassword123",
masterUsername: "exampleuser",
blueprintId: "postgres_12",
bundleId: "micro_1_0",
preferredBackupWindow: "16:00-16:30",
preferredMaintenanceWindow: "Tue:17:00-Tue:17:30",
});
import pulumi
import pulumi_aws as aws
example = aws.lightsail.Database("example",
relational_database_name="example-database",
availability_zone="us-east-1a",
master_database_name="exampledb",
master_password="examplepassword123",
master_username="exampleuser",
blueprint_id="postgres_12",
bundle_id="micro_1_0",
preferred_backup_window="16:00-16:30",
preferred_maintenance_window="Tue:17:00-Tue:17:30")
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v7/go/aws/lightsail"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := lightsail.NewDatabase(ctx, "example", &lightsail.DatabaseArgs{
RelationalDatabaseName: pulumi.String("example-database"),
AvailabilityZone: pulumi.String("us-east-1a"),
MasterDatabaseName: pulumi.String("exampledb"),
MasterPassword: pulumi.String("examplepassword123"),
MasterUsername: pulumi.String("exampleuser"),
BlueprintId: pulumi.String("postgres_12"),
BundleId: pulumi.String("micro_1_0"),
PreferredBackupWindow: pulumi.String("16:00-16:30"),
PreferredMaintenanceWindow: pulumi.String("Tue:17:00-Tue:17:30"),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var example = new Aws.LightSail.Database("example", new()
{
RelationalDatabaseName = "example-database",
AvailabilityZone = "us-east-1a",
MasterDatabaseName = "exampledb",
MasterPassword = "examplepassword123",
MasterUsername = "exampleuser",
BlueprintId = "postgres_12",
BundleId = "micro_1_0",
PreferredBackupWindow = "16:00-16:30",
PreferredMaintenanceWindow = "Tue:17:00-Tue:17:30",
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.lightsail.Database;
import com.pulumi.aws.lightsail.DatabaseArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new Database("example", DatabaseArgs.builder()
.relationalDatabaseName("example-database")
.availabilityZone("us-east-1a")
.masterDatabaseName("exampledb")
.masterPassword("examplepassword123")
.masterUsername("exampleuser")
.blueprintId("postgres_12")
.bundleId("micro_1_0")
.preferredBackupWindow("16:00-16:30")
.preferredMaintenanceWindow("Tue:17:00-Tue:17:30")
.build());
}
}
resources:
example:
type: aws:lightsail:Database
properties:
relationalDatabaseName: example-database
availabilityZone: us-east-1a
masterDatabaseName: exampledb
masterPassword: examplepassword123
masterUsername: exampleuser
blueprintId: postgres_12
bundleId: micro_1_0
preferredBackupWindow: 16:00-16:30
preferredMaintenanceWindow: Tue:17:00-Tue:17:30
The preferredBackupWindow sets a 30-minute daily window for automated backups (UTC format: hh24:mi-hh24:mi). The preferredMaintenanceWindow defines a weekly window for disruptive changes like engine upgrades (format: ddd:hh24:mi-ddd:hh24:mi). Changes that cause outages wait until this window unless applyImmediately is set.
Preserve data with final snapshots on deletion
When decommissioning databases, teams often need point-in-time backups for compliance or recovery.
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const example = new aws.lightsail.Database("example", {
relationalDatabaseName: "example-database",
availabilityZone: "us-east-1a",
masterDatabaseName: "exampledb",
masterPassword: "examplepassword123",
masterUsername: "exampleuser",
blueprintId: "postgres_12",
bundleId: "micro_1_0",
preferredBackupWindow: "16:00-16:30",
preferredMaintenanceWindow: "Tue:17:00-Tue:17:30",
finalSnapshotName: "example-final-snapshot",
});
import pulumi
import pulumi_aws as aws
example = aws.lightsail.Database("example",
relational_database_name="example-database",
availability_zone="us-east-1a",
master_database_name="exampledb",
master_password="examplepassword123",
master_username="exampleuser",
blueprint_id="postgres_12",
bundle_id="micro_1_0",
preferred_backup_window="16:00-16:30",
preferred_maintenance_window="Tue:17:00-Tue:17:30",
final_snapshot_name="example-final-snapshot")
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v7/go/aws/lightsail"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := lightsail.NewDatabase(ctx, "example", &lightsail.DatabaseArgs{
RelationalDatabaseName: pulumi.String("example-database"),
AvailabilityZone: pulumi.String("us-east-1a"),
MasterDatabaseName: pulumi.String("exampledb"),
MasterPassword: pulumi.String("examplepassword123"),
MasterUsername: pulumi.String("exampleuser"),
BlueprintId: pulumi.String("postgres_12"),
BundleId: pulumi.String("micro_1_0"),
PreferredBackupWindow: pulumi.String("16:00-16:30"),
PreferredMaintenanceWindow: pulumi.String("Tue:17:00-Tue:17:30"),
FinalSnapshotName: pulumi.String("example-final-snapshot"),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var example = new Aws.LightSail.Database("example", new()
{
RelationalDatabaseName = "example-database",
AvailabilityZone = "us-east-1a",
MasterDatabaseName = "exampledb",
MasterPassword = "examplepassword123",
MasterUsername = "exampleuser",
BlueprintId = "postgres_12",
BundleId = "micro_1_0",
PreferredBackupWindow = "16:00-16:30",
PreferredMaintenanceWindow = "Tue:17:00-Tue:17:30",
FinalSnapshotName = "example-final-snapshot",
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.lightsail.Database;
import com.pulumi.aws.lightsail.DatabaseArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new Database("example", DatabaseArgs.builder()
.relationalDatabaseName("example-database")
.availabilityZone("us-east-1a")
.masterDatabaseName("exampledb")
.masterPassword("examplepassword123")
.masterUsername("exampleuser")
.blueprintId("postgres_12")
.bundleId("micro_1_0")
.preferredBackupWindow("16:00-16:30")
.preferredMaintenanceWindow("Tue:17:00-Tue:17:30")
.finalSnapshotName("example-final-snapshot")
.build());
}
}
resources:
example:
type: aws:lightsail:Database
properties:
relationalDatabaseName: example-database
availabilityZone: us-east-1a
masterDatabaseName: exampledb
masterPassword: examplepassword123
masterUsername: exampleuser
blueprintId: postgres_12
bundleId: micro_1_0
preferredBackupWindow: 16:00-16:30
preferredMaintenanceWindow: Tue:17:00-Tue:17:30
finalSnapshotName: example-final-snapshot
The finalSnapshotName creates a named snapshot before deletion. Without this property (or with skipFinalSnapshot set to true), the database and all automated backups are permanently deleted. The snapshot persists independently and can restore a new database later.
Apply configuration changes immediately
Urgent updates sometimes can’t wait for the maintenance window.
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const example = new aws.lightsail.Database("example", {
relationalDatabaseName: "example-database",
availabilityZone: "us-east-1a",
masterDatabaseName: "exampledb",
masterPassword: "examplepassword123",
masterUsername: "exampleuser",
blueprintId: "postgres_12",
bundleId: "micro_1_0",
applyImmediately: true,
});
import pulumi
import pulumi_aws as aws
example = aws.lightsail.Database("example",
relational_database_name="example-database",
availability_zone="us-east-1a",
master_database_name="exampledb",
master_password="examplepassword123",
master_username="exampleuser",
blueprint_id="postgres_12",
bundle_id="micro_1_0",
apply_immediately=True)
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v7/go/aws/lightsail"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := lightsail.NewDatabase(ctx, "example", &lightsail.DatabaseArgs{
RelationalDatabaseName: pulumi.String("example-database"),
AvailabilityZone: pulumi.String("us-east-1a"),
MasterDatabaseName: pulumi.String("exampledb"),
MasterPassword: pulumi.String("examplepassword123"),
MasterUsername: pulumi.String("exampleuser"),
BlueprintId: pulumi.String("postgres_12"),
BundleId: pulumi.String("micro_1_0"),
ApplyImmediately: pulumi.Bool(true),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var example = new Aws.LightSail.Database("example", new()
{
RelationalDatabaseName = "example-database",
AvailabilityZone = "us-east-1a",
MasterDatabaseName = "exampledb",
MasterPassword = "examplepassword123",
MasterUsername = "exampleuser",
BlueprintId = "postgres_12",
BundleId = "micro_1_0",
ApplyImmediately = true,
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.lightsail.Database;
import com.pulumi.aws.lightsail.DatabaseArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new Database("example", DatabaseArgs.builder()
.relationalDatabaseName("example-database")
.availabilityZone("us-east-1a")
.masterDatabaseName("exampledb")
.masterPassword("examplepassword123")
.masterUsername("exampleuser")
.blueprintId("postgres_12")
.bundleId("micro_1_0")
.applyImmediately(true)
.build());
}
}
resources:
example:
type: aws:lightsail:Database
properties:
relationalDatabaseName: example-database
availabilityZone: us-east-1a
masterDatabaseName: exampledb
masterPassword: examplepassword123
masterUsername: exampleuser
blueprintId: postgres_12
bundleId: micro_1_0
applyImmediately: true
The applyImmediately property forces changes to apply right away, potentially causing brief downtime. When false (the default), changes wait for the preferredMaintenanceWindow. Use this for password resets or critical patches that can’t wait.
Beyond these examples
These snippets focus on specific database-level features: engine selection and bundle sizing, backup and maintenance scheduling, and deletion protection with final snapshots. They’re intentionally minimal rather than full database deployments.
The examples assume pre-existing infrastructure such as an AWS region with Lightsail availability. They focus on configuring the database rather than provisioning surrounding network infrastructure.
To keep things focused, common database patterns are omitted, including:
- Public accessibility configuration (publiclyAccessible)
- Backup retention controls (backupRetentionEnabled)
- High availability bundles (ha_ infix in bundleId)
- Tags for organization and cost tracking
These omissions are intentional: the goal is to illustrate how each database feature is wired, not provide drop-in production modules. See the Lightsail Database resource reference for all available configuration options.
Let's create AWS Lightsail Databases
Get started with Pulumi Cloud, then follow our quick setup guide to deploy this infrastructure.
Try Pulumi Cloud for FREEFrequently Asked Questions
Regional Availability & Immutability
Is Lightsail available in all AWS Regions?
No, Lightsail is only supported in a limited number of AWS Regions. Check the AWS Regional Product Services page before deploying.
What properties can't be changed after creating my database?
The following properties are immutable:
relationalDatabaseName, availabilityZone, blueprintId, bundleId, masterDatabaseName, and masterUsername. Changing these requires recreating the database.Database Configuration & Sizing
What database engines are available in Lightsail?
MySQL and PostgreSQL are supported. Specify the engine and version using
blueprintId (e.g., mysql_8_0 or postgres_12). Get the full list via AWS CLI: aws lightsail get-relational-database-blueprints.What database sizes are available?
Bundles define performance specifications (CPU, RAM, disk) with size prefixes:
micro_, small_, medium_, large_. Examples include micro_1_0, small_1_0, and large_1_0. Get the full list via AWS CLI: aws lightsail get-relational-database-bundles.How do I enable high availability for my database?
Use a bundle ID with the
ha_ infix, such as small_ha_1_0 or large_ha_1_0. High availability databases include a secondary availability zone for failover support.Backup & Maintenance Windows
How do I configure the backup window for my database?
Set
preferredBackupWindow in hh24:mi-hh24:mi format using UTC time. For example, 16:00-16:30 schedules daily backups between 4:00 PM and 4:30 PM UTC.How do I configure the maintenance window for my database?
Set
preferredMaintenanceWindow in ddd:hh24:mi-ddd:hh24:mi format using UTC time. For example, Tue:17:00-Tue:17:30 schedules maintenance on Tuesdays between 5:00 PM and 5:30 PM UTC.Change Management & Outages
When do configuration changes apply to my database?
By default, changes that cause outages wait for the maintenance window. Set
applyImmediately to true to apply changes immediately, but note that some changes may cause an outage.Snapshots & Data Protection
How do I create a final snapshot when deleting my database?
Set
finalSnapshotName to your desired snapshot name. This parameter is required if skipFinalSnapshot is false (the default). To skip the final snapshot, set skipFinalSnapshot to true.What happens if I disable automated backup retention?
Setting
backupRetentionEnabled to false permanently deletes all automated database backups. Create a manual snapshot before disabling backup retention if you need to preserve your data.Network Access
Can I make my database accessible from outside my Lightsail account?
Yes, set
publiclyAccessible to true to allow access from resources outside your Lightsail account. When false (default), the database is only accessible to Lightsail resources in the same region.