Create AWS Lightsail Databases

The aws:lightsail/database:Database resource, part of the Pulumi AWS provider, provisions a fully managed Lightsail database instance with automated backups, monitoring, and maintenance. This guide focuses on four capabilities: engine and bundle selection, backup and maintenance scheduling, snapshot management, and change application timing.

Lightsail databases run in AWS regions with Lightsail support and are isolated from VPC resources by default. The examples are intentionally small. Combine them with your own access controls, monitoring, and application connection logic.

Create a MySQL database with basic configuration

Most deployments start by selecting an engine, choosing a bundle size, and specifying master credentials.

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const example = new aws.lightsail.Database("example", {
    relationalDatabaseName: "example-database",
    availabilityZone: "us-east-1a",
    masterDatabaseName: "exampledb",
    masterPassword: "examplepassword123",
    masterUsername: "exampleuser",
    blueprintId: "mysql_8_0",
    bundleId: "micro_1_0",
});

import pulumi
import pulumi_aws as aws

example = aws.lightsail.Database("example",
    relational_database_name="example-database",
    availability_zone="us-east-1a",
    master_database_name="exampledb",
    master_password="examplepassword123",
    master_username="exampleuser",
    blueprint_id="mysql_8_0",
    bundle_id="micro_1_0")

package main

import (
	"github.com/pulumi/pulumi-aws/sdk/v7/go/aws/lightsail"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := lightsail.NewDatabase(ctx, "example", &lightsail.DatabaseArgs{
			RelationalDatabaseName: pulumi.String("example-database"),
			AvailabilityZone:       pulumi.String("us-east-1a"),
			MasterDatabaseName:     pulumi.String("exampledb"),
			MasterPassword:         pulumi.String("examplepassword123"),
			MasterUsername:         pulumi.String("exampleuser"),
			BlueprintId:            pulumi.String("mysql_8_0"),
			BundleId:               pulumi.String("micro_1_0"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;

return await Deployment.RunAsync(() => 
{
    var example = new Aws.LightSail.Database("example", new()
    {
        RelationalDatabaseName = "example-database",
        AvailabilityZone = "us-east-1a",
        MasterDatabaseName = "exampledb",
        MasterPassword = "examplepassword123",
        MasterUsername = "exampleuser",
        BlueprintId = "mysql_8_0",
        BundleId = "micro_1_0",
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.lightsail.Database;
import com.pulumi.aws.lightsail.DatabaseArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var example = new Database("example", DatabaseArgs.builder()
            .relationalDatabaseName("example-database")
            .availabilityZone("us-east-1a")
            .masterDatabaseName("exampledb")
            .masterPassword("examplepassword123")
            .masterUsername("exampleuser")
            .blueprintId("mysql_8_0")
            .bundleId("micro_1_0")
            .build());

    }
}

resources:
  example:
    type: aws:lightsail:Database
    properties:
      relationalDatabaseName: example-database
      availabilityZone: us-east-1a
      masterDatabaseName: exampledb
      masterPassword: examplepassword123
      masterUsername: exampleuser
      blueprintId: mysql_8_0
      bundleId: micro_1_0

The blueprintId selects the database engine and version (e.g., mysql_8_0, postgres_12). The bundleId determines CPU, RAM, and disk size (e.g., micro_1_0 for small workloads). The masterDatabaseName, masterUsername, and masterPassword define the initial database and admin credentials. The availabilityZone places the database in a specific zone within your region.

Schedule backup and maintenance windows

Production databases need predictable schedules to avoid disrupting business hours.

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const example = new aws.lightsail.Database("example", {
    relationalDatabaseName: "example-database",
    availabilityZone: "us-east-1a",
    masterDatabaseName: "exampledb",
    masterPassword: "examplepassword123",
    masterUsername: "exampleuser",
    blueprintId: "postgres_12",
    bundleId: "micro_1_0",
    preferredBackupWindow: "16:00-16:30",
    preferredMaintenanceWindow: "Tue:17:00-Tue:17:30",
});

import pulumi
import pulumi_aws as aws

example = aws.lightsail.Database("example",
    relational_database_name="example-database",
    availability_zone="us-east-1a",
    master_database_name="exampledb",
    master_password="examplepassword123",
    master_username="exampleuser",
    blueprint_id="postgres_12",
    bundle_id="micro_1_0",
    preferred_backup_window="16:00-16:30",
    preferred_maintenance_window="Tue:17:00-Tue:17:30")

package main

import (
	"github.com/pulumi/pulumi-aws/sdk/v7/go/aws/lightsail"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := lightsail.NewDatabase(ctx, "example", &lightsail.DatabaseArgs{
			RelationalDatabaseName:     pulumi.String("example-database"),
			AvailabilityZone:           pulumi.String("us-east-1a"),
			MasterDatabaseName:         pulumi.String("exampledb"),
			MasterPassword:             pulumi.String("examplepassword123"),
			MasterUsername:             pulumi.String("exampleuser"),
			BlueprintId:                pulumi.String("postgres_12"),
			BundleId:                   pulumi.String("micro_1_0"),
			PreferredBackupWindow:      pulumi.String("16:00-16:30"),
			PreferredMaintenanceWindow: pulumi.String("Tue:17:00-Tue:17:30"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;

return await Deployment.RunAsync(() => 
{
    var example = new Aws.LightSail.Database("example", new()
    {
        RelationalDatabaseName = "example-database",
        AvailabilityZone = "us-east-1a",
        MasterDatabaseName = "exampledb",
        MasterPassword = "examplepassword123",
        MasterUsername = "exampleuser",
        BlueprintId = "postgres_12",
        BundleId = "micro_1_0",
        PreferredBackupWindow = "16:00-16:30",
        PreferredMaintenanceWindow = "Tue:17:00-Tue:17:30",
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.lightsail.Database;
import com.pulumi.aws.lightsail.DatabaseArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var example = new Database("example", DatabaseArgs.builder()
            .relationalDatabaseName("example-database")
            .availabilityZone("us-east-1a")
            .masterDatabaseName("exampledb")
            .masterPassword("examplepassword123")
            .masterUsername("exampleuser")
            .blueprintId("postgres_12")
            .bundleId("micro_1_0")
            .preferredBackupWindow("16:00-16:30")
            .preferredMaintenanceWindow("Tue:17:00-Tue:17:30")
            .build());

    }
}

resources:
  example:
    type: aws:lightsail:Database
    properties:
      relationalDatabaseName: example-database
      availabilityZone: us-east-1a
      masterDatabaseName: exampledb
      masterPassword: examplepassword123
      masterUsername: exampleuser
      blueprintId: postgres_12
      bundleId: micro_1_0
      preferredBackupWindow: 16:00-16:30
      preferredMaintenanceWindow: Tue:17:00-Tue:17:30

The preferredBackupWindow sets a 30-minute daily window for automated backups (format: hh24:mi-hh24:mi, UTC). The preferredMaintenanceWindow defines a weekly window for disruptive changes like engine upgrades (format: ddd:hh24:mi-ddd:hh24:mi, UTC). Changes that would cause downtime wait until this window unless you override with applyImmediately.

Preserve data with final snapshots on deletion

Before deleting a database, capture a final snapshot for compliance or disaster recovery.

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const example = new aws.lightsail.Database("example", {
    relationalDatabaseName: "example-database",
    availabilityZone: "us-east-1a",
    masterDatabaseName: "exampledb",
    masterPassword: "examplepassword123",
    masterUsername: "exampleuser",
    blueprintId: "postgres_12",
    bundleId: "micro_1_0",
    preferredBackupWindow: "16:00-16:30",
    preferredMaintenanceWindow: "Tue:17:00-Tue:17:30",
    finalSnapshotName: "example-final-snapshot",
});

import pulumi
import pulumi_aws as aws

example = aws.lightsail.Database("example",
    relational_database_name="example-database",
    availability_zone="us-east-1a",
    master_database_name="exampledb",
    master_password="examplepassword123",
    master_username="exampleuser",
    blueprint_id="postgres_12",
    bundle_id="micro_1_0",
    preferred_backup_window="16:00-16:30",
    preferred_maintenance_window="Tue:17:00-Tue:17:30",
    final_snapshot_name="example-final-snapshot")

package main

import (
	"github.com/pulumi/pulumi-aws/sdk/v7/go/aws/lightsail"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := lightsail.NewDatabase(ctx, "example", &lightsail.DatabaseArgs{
			RelationalDatabaseName:     pulumi.String("example-database"),
			AvailabilityZone:           pulumi.String("us-east-1a"),
			MasterDatabaseName:         pulumi.String("exampledb"),
			MasterPassword:             pulumi.String("examplepassword123"),
			MasterUsername:             pulumi.String("exampleuser"),
			BlueprintId:                pulumi.String("postgres_12"),
			BundleId:                   pulumi.String("micro_1_0"),
			PreferredBackupWindow:      pulumi.String("16:00-16:30"),
			PreferredMaintenanceWindow: pulumi.String("Tue:17:00-Tue:17:30"),
			FinalSnapshotName:          pulumi.String("example-final-snapshot"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;

return await Deployment.RunAsync(() => 
{
    var example = new Aws.LightSail.Database("example", new()
    {
        RelationalDatabaseName = "example-database",
        AvailabilityZone = "us-east-1a",
        MasterDatabaseName = "exampledb",
        MasterPassword = "examplepassword123",
        MasterUsername = "exampleuser",
        BlueprintId = "postgres_12",
        BundleId = "micro_1_0",
        PreferredBackupWindow = "16:00-16:30",
        PreferredMaintenanceWindow = "Tue:17:00-Tue:17:30",
        FinalSnapshotName = "example-final-snapshot",
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.lightsail.Database;
import com.pulumi.aws.lightsail.DatabaseArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var example = new Database("example", DatabaseArgs.builder()
            .relationalDatabaseName("example-database")
            .availabilityZone("us-east-1a")
            .masterDatabaseName("exampledb")
            .masterPassword("examplepassword123")
            .masterUsername("exampleuser")
            .blueprintId("postgres_12")
            .bundleId("micro_1_0")
            .preferredBackupWindow("16:00-16:30")
            .preferredMaintenanceWindow("Tue:17:00-Tue:17:30")
            .finalSnapshotName("example-final-snapshot")
            .build());

    }
}

resources:
  example:
    type: aws:lightsail:Database
    properties:
      relationalDatabaseName: example-database
      availabilityZone: us-east-1a
      masterDatabaseName: exampledb
      masterPassword: examplepassword123
      masterUsername: exampleuser
      blueprintId: postgres_12
      bundleId: micro_1_0
      preferredBackupWindow: 16:00-16:30
      preferredMaintenanceWindow: Tue:17:00-Tue:17:30
      finalSnapshotName: example-final-snapshot

The finalSnapshotName creates a named snapshot when the database is destroyed. Without this property, Pulumi deletes the database without preserving data. Use skipFinalSnapshot: true to explicitly skip snapshot creation.

Apply configuration changes immediately

Some changes normally wait for the maintenance window; applyImmediately bypasses this delay.

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const example = new aws.lightsail.Database("example", {
    relationalDatabaseName: "example-database",
    availabilityZone: "us-east-1a",
    masterDatabaseName: "exampledb",
    masterPassword: "examplepassword123",
    masterUsername: "exampleuser",
    blueprintId: "postgres_12",
    bundleId: "micro_1_0",
    applyImmediately: true,
});

import pulumi
import pulumi_aws as aws

example = aws.lightsail.Database("example",
    relational_database_name="example-database",
    availability_zone="us-east-1a",
    master_database_name="exampledb",
    master_password="examplepassword123",
    master_username="exampleuser",
    blueprint_id="postgres_12",
    bundle_id="micro_1_0",
    apply_immediately=True)

package main

import (
	"github.com/pulumi/pulumi-aws/sdk/v7/go/aws/lightsail"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := lightsail.NewDatabase(ctx, "example", &lightsail.DatabaseArgs{
			RelationalDatabaseName: pulumi.String("example-database"),
			AvailabilityZone:       pulumi.String("us-east-1a"),
			MasterDatabaseName:     pulumi.String("exampledb"),
			MasterPassword:         pulumi.String("examplepassword123"),
			MasterUsername:         pulumi.String("exampleuser"),
			BlueprintId:            pulumi.String("postgres_12"),
			BundleId:               pulumi.String("micro_1_0"),
			ApplyImmediately:       pulumi.Bool(true),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;

return await Deployment.RunAsync(() => 
{
    var example = new Aws.LightSail.Database("example", new()
    {
        RelationalDatabaseName = "example-database",
        AvailabilityZone = "us-east-1a",
        MasterDatabaseName = "exampledb",
        MasterPassword = "examplepassword123",
        MasterUsername = "exampleuser",
        BlueprintId = "postgres_12",
        BundleId = "micro_1_0",
        ApplyImmediately = true,
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.lightsail.Database;
import com.pulumi.aws.lightsail.DatabaseArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var example = new Database("example", DatabaseArgs.builder()
            .relationalDatabaseName("example-database")
            .availabilityZone("us-east-1a")
            .masterDatabaseName("exampledb")
            .masterPassword("examplepassword123")
            .masterUsername("exampleuser")
            .blueprintId("postgres_12")
            .bundleId("micro_1_0")
            .applyImmediately(true)
            .build());

    }
}

resources:
  example:
    type: aws:lightsail:Database
    properties:
      relationalDatabaseName: example-database
      availabilityZone: us-east-1a
      masterDatabaseName: exampledb
      masterPassword: examplepassword123
      masterUsername: exampleuser
      blueprintId: postgres_12
      bundleId: micro_1_0
      applyImmediately: true

When applyImmediately is true, changes like password updates or bundle resizing take effect immediately instead of waiting for the preferredMaintenanceWindow. Some changes may cause brief downtime when applied outside the maintenance window.

Beyond these examples

These snippets focus on specific database-level features: engine selection and bundle sizing, backup and maintenance scheduling, and snapshot management and immediate updates. They’re intentionally minimal rather than full database deployments.

The examples assume pre-existing infrastructure such as an AWS region with Lightsail availability. They focus on configuring the database rather than provisioning surrounding infrastructure.

To keep things focused, common database patterns are omitted, including:

Public accessibility (publiclyAccessible)
Backup retention controls (backupRetentionEnabled)
High availability bundles (ha_ infix)
Tagging for organization and cost tracking

These omissions are intentional: the goal is to illustrate how each database feature is wired, not provide drop-in production modules. See the Lightsail Database resource reference for all available configuration options.

Let's create AWS Lightsail Databases

Get started with Pulumi Cloud, then follow our quick setup guide to deploy this infrastructure.

Try Pulumi Cloud for FREE

Frequently Asked Questions

Regional Availability & Limitations

Is Lightsail Database available in all AWS Regions?

No, Lightsail is only supported in a limited number of AWS Regions. Check the AWS Regional Product Services page to verify availability in your target region before deployment.

Database Configuration & Immutability

What properties can't be changed after creating a database?

The following properties are immutable and require recreating the database to change: blueprintId, bundleId, availabilityZone, masterDatabaseName, masterUsername, and relationalDatabaseName.

How do I choose the right database engine and performance tier?

Use blueprintId to specify the engine and version (e.g., mysql_8_0, postgres_12). Use bundleId to define performance specs with format: size prefix (micro_, small_, medium_, large_), optional ha_ infix for high availability, and 1_0 suffix (e.g., micro_1_0, small_ha_1_0).

How can I find available blueprints and bundles for my database?

Use AWS CLI commands: aws lightsail get-relational-database-blueprints for available engine versions and aws lightsail get-relational-database-bundles for performance tiers.

What characters are not allowed in the master password?

The masterPassword cannot include forward slash (/), double quote ("), or at sign (@) characters.

Backup & Snapshots

What happens when I disable backup retention?

Setting backupRetentionEnabled to false deletes all automated database backups. Create a manual snapshot before disabling if you need to preserve backup data.

How do I create a final snapshot before deleting my database?

Set skipFinalSnapshot to false (or omit it) and provide a finalSnapshotName. If skipFinalSnapshot is false, you must specify finalSnapshotName.

What time format should I use for backup windows?

Use hh24:mi-hh24:mi format in UTC for preferredBackupWindow (e.g., 16:00-16:30 for daily backups between 4:00 PM and 4:30 PM UTC).

Maintenance & Updates

What time format should I use for maintenance windows?

Use ddd:hh24:mi-ddd:hh24:mi format in UTC for preferredMaintenanceWindow (e.g., Tue:17:00-Tue:17:30 for maintenance on Tuesdays between 5:00 PM and 5:30 PM UTC).

How do I apply database changes immediately instead of waiting for the maintenance window?

Set applyImmediately to true. However, some changes may cause an outage, so use this carefully in production environments.

When do database changes take effect if I don't use applyImmediately?

When applyImmediately is false, changes that would cause an outage are applied during your preferredMaintenanceWindow.

Security & Access

How do I control whether my database is publicly accessible?

Use publiclyAccessible: set to true for access from outside your Lightsail account, or false to restrict access to Lightsail resources in the same region only.

What's the difference between single-AZ and high availability databases?

High availability databases use bundle IDs with the ha_ infix (e.g., small_ha_1_0) and include a secondaryAvailabilityZone for failover support.

Using a different cloud?

Explore database guides for other cloud providers:

Azure Guides GCP Guides