The azure-native:dbforpostgresql:Server resource, part of the Pulumi Azure Native provider, provisions Azure Database for PostgreSQL flexible servers with compute, storage, networking, and operational features. This guide focuses on four capabilities: zone-redundant high availability, VNet integration and private networking, authentication and encryption options, and backup restore and read replicas.
Flexible servers require virtual network infrastructure for private connectivity and may reference Key Vault resources for encryption or source servers for restore and replication operations. The examples are intentionally small. Combine them with your own VNet configuration, Key Vault setup, and operational requirements.
Create a zone-redundant server with VNet integration
Most PostgreSQL deployments start by provisioning a server with compute, storage, and network configuration. Zone-redundant high availability spreads replicas across availability zones for resilience against datacenter failures.
import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";
const server = new azure_native.dbforpostgresql.Server("server", {
administratorLogin: "administratorlogin",
administratorLoginPassword: "examplepassword",
availabilityZone: "1",
backup: {
backupRetentionDays: 7,
geoRedundantBackup: azure_native.dbforpostgresql.GeoRedundantBackupEnum.Enabled,
},
createMode: azure_native.dbforpostgresql.CreateMode.Create,
highAvailability: {
mode: azure_native.dbforpostgresql.HighAvailabilityMode.ZoneRedundant,
},
location: "westus",
network: {
delegatedSubnetResourceId: "/subscriptions/ffffffff-ffff-ffff-ffff-ffffffffffff/resourceGroups/exampleresourcegroup/providers/Microsoft.Network/virtualNetworks/examplevirtualnetwork/subnets/examplesubnet",
privateDnsZoneArmResourceId: "/subscriptions/ffffffff-ffff-ffff-ffff-ffffffffffff/resourceGroups/exampleresourcegroup/providers/Microsoft.Network/privateDnsZones/exampleprivatednszone.private.postgres.database",
},
resourceGroupName: "exampleresourcegroup",
serverName: "exampleserver",
sku: {
name: "Standard_D4ds_v5",
tier: azure_native.dbforpostgresql.SkuTier.GeneralPurpose,
},
storage: {
autoGrow: azure_native.dbforpostgresql.StorageAutoGrow.Disabled,
storageSizeGB: 512,
tier: azure_native.dbforpostgresql.AzureManagedDiskPerformanceTiers.P20,
},
tags: {
VNetServer: "1",
},
version: azure_native.dbforpostgresql.ServerVersion.ServerVersion_16,
});
import pulumi
import pulumi_azure_native as azure_native
server = azure_native.dbforpostgresql.Server("server",
administrator_login="administratorlogin",
administrator_login_password="examplepassword",
availability_zone="1",
backup={
"backup_retention_days": 7,
"geo_redundant_backup": azure_native.dbforpostgresql.GeoRedundantBackupEnum.ENABLED,
},
create_mode=azure_native.dbforpostgresql.CreateMode.CREATE,
high_availability={
"mode": azure_native.dbforpostgresql.HighAvailabilityMode.ZONE_REDUNDANT,
},
location="westus",
network={
"delegated_subnet_resource_id": "/subscriptions/ffffffff-ffff-ffff-ffff-ffffffffffff/resourceGroups/exampleresourcegroup/providers/Microsoft.Network/virtualNetworks/examplevirtualnetwork/subnets/examplesubnet",
"private_dns_zone_arm_resource_id": "/subscriptions/ffffffff-ffff-ffff-ffff-ffffffffffff/resourceGroups/exampleresourcegroup/providers/Microsoft.Network/privateDnsZones/exampleprivatednszone.private.postgres.database",
},
resource_group_name="exampleresourcegroup",
server_name="exampleserver",
sku={
"name": "Standard_D4ds_v5",
"tier": azure_native.dbforpostgresql.SkuTier.GENERAL_PURPOSE,
},
storage={
"auto_grow": azure_native.dbforpostgresql.StorageAutoGrow.DISABLED,
"storage_size_gb": 512,
"tier": azure_native.dbforpostgresql.AzureManagedDiskPerformanceTiers.P20,
},
tags={
"VNetServer": "1",
},
version=azure_native.dbforpostgresql.ServerVersion.SERVER_VERSION_16)
package main
import (
dbforpostgresql "github.com/pulumi/pulumi-azure-native-sdk/dbforpostgresql/v3"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := dbforpostgresql.NewServer(ctx, "server", &dbforpostgresql.ServerArgs{
AdministratorLogin: pulumi.String("administratorlogin"),
AdministratorLoginPassword: pulumi.String("examplepassword"),
AvailabilityZone: pulumi.String("1"),
Backup: &dbforpostgresql.BackupTypeArgs{
BackupRetentionDays: pulumi.Int(7),
GeoRedundantBackup: pulumi.String(dbforpostgresql.GeoRedundantBackupEnumEnabled),
},
CreateMode: pulumi.String(dbforpostgresql.CreateModeCreate),
HighAvailability: &dbforpostgresql.HighAvailabilityArgs{
Mode: pulumi.String(dbforpostgresql.HighAvailabilityModeZoneRedundant),
},
Location: pulumi.String("westus"),
Network: &dbforpostgresql.NetworkArgs{
DelegatedSubnetResourceId: pulumi.String("/subscriptions/ffffffff-ffff-ffff-ffff-ffffffffffff/resourceGroups/exampleresourcegroup/providers/Microsoft.Network/virtualNetworks/examplevirtualnetwork/subnets/examplesubnet"),
PrivateDnsZoneArmResourceId: pulumi.String("/subscriptions/ffffffff-ffff-ffff-ffff-ffffffffffff/resourceGroups/exampleresourcegroup/providers/Microsoft.Network/privateDnsZones/exampleprivatednszone.private.postgres.database"),
},
ResourceGroupName: pulumi.String("exampleresourcegroup"),
ServerName: pulumi.String("exampleserver"),
Sku: &dbforpostgresql.SkuArgs{
Name: pulumi.String("Standard_D4ds_v5"),
Tier: pulumi.String(dbforpostgresql.SkuTierGeneralPurpose),
},
Storage: &dbforpostgresql.StorageArgs{
AutoGrow: pulumi.String(dbforpostgresql.StorageAutoGrowDisabled),
StorageSizeGB: pulumi.Int(512),
Tier: pulumi.String(dbforpostgresql.AzureManagedDiskPerformanceTiersP20),
},
Tags: pulumi.StringMap{
"VNetServer": pulumi.String("1"),
},
Version: pulumi.String(dbforpostgresql.ServerVersion_16),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;
return await Deployment.RunAsync(() =>
{
var server = new AzureNative.DBforPostgreSQL.Server("server", new()
{
AdministratorLogin = "administratorlogin",
AdministratorLoginPassword = "examplepassword",
AvailabilityZone = "1",
Backup = new AzureNative.DBforPostgreSQL.Inputs.BackupArgs
{
BackupRetentionDays = 7,
GeoRedundantBackup = AzureNative.DBforPostgreSQL.GeoRedundantBackupEnum.Enabled,
},
CreateMode = AzureNative.DBforPostgreSQL.CreateMode.Create,
HighAvailability = new AzureNative.DBforPostgreSQL.Inputs.HighAvailabilityArgs
{
Mode = AzureNative.DBforPostgreSQL.HighAvailabilityMode.ZoneRedundant,
},
Location = "westus",
Network = new AzureNative.DBforPostgreSQL.Inputs.NetworkArgs
{
DelegatedSubnetResourceId = "/subscriptions/ffffffff-ffff-ffff-ffff-ffffffffffff/resourceGroups/exampleresourcegroup/providers/Microsoft.Network/virtualNetworks/examplevirtualnetwork/subnets/examplesubnet",
PrivateDnsZoneArmResourceId = "/subscriptions/ffffffff-ffff-ffff-ffff-ffffffffffff/resourceGroups/exampleresourcegroup/providers/Microsoft.Network/privateDnsZones/exampleprivatednszone.private.postgres.database",
},
ResourceGroupName = "exampleresourcegroup",
ServerName = "exampleserver",
Sku = new AzureNative.DBforPostgreSQL.Inputs.SkuArgs
{
Name = "Standard_D4ds_v5",
Tier = AzureNative.DBforPostgreSQL.SkuTier.GeneralPurpose,
},
Storage = new AzureNative.DBforPostgreSQL.Inputs.StorageArgs
{
AutoGrow = AzureNative.DBforPostgreSQL.StorageAutoGrow.Disabled,
StorageSizeGB = 512,
Tier = AzureNative.DBforPostgreSQL.AzureManagedDiskPerformanceTiers.P20,
},
Tags =
{
{ "VNetServer", "1" },
},
Version = AzureNative.DBforPostgreSQL.ServerVersion.ServerVersion_16,
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.dbforpostgresql.Server;
import com.pulumi.azurenative.dbforpostgresql.ServerArgs;
import com.pulumi.azurenative.dbforpostgresql.inputs.BackupArgs;
import com.pulumi.azurenative.dbforpostgresql.inputs.HighAvailabilityArgs;
import com.pulumi.azurenative.dbforpostgresql.inputs.NetworkArgs;
import com.pulumi.azurenative.dbforpostgresql.inputs.SkuArgs;
import com.pulumi.azurenative.dbforpostgresql.inputs.StorageArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var server = new Server("server", ServerArgs.builder()
.administratorLogin("administratorlogin")
.administratorLoginPassword("examplepassword")
.availabilityZone("1")
.backup(BackupArgs.builder()
.backupRetentionDays(7)
.geoRedundantBackup("Enabled")
.build())
.createMode("Create")
.highAvailability(HighAvailabilityArgs.builder()
.mode("ZoneRedundant")
.build())
.location("westus")
.network(NetworkArgs.builder()
.delegatedSubnetResourceId("/subscriptions/ffffffff-ffff-ffff-ffff-ffffffffffff/resourceGroups/exampleresourcegroup/providers/Microsoft.Network/virtualNetworks/examplevirtualnetwork/subnets/examplesubnet")
.privateDnsZoneArmResourceId("/subscriptions/ffffffff-ffff-ffff-ffff-ffffffffffff/resourceGroups/exampleresourcegroup/providers/Microsoft.Network/privateDnsZones/exampleprivatednszone.private.postgres.database")
.build())
.resourceGroupName("exampleresourcegroup")
.serverName("exampleserver")
.sku(SkuArgs.builder()
.name("Standard_D4ds_v5")
.tier("GeneralPurpose")
.build())
.storage(StorageArgs.builder()
.autoGrow("Disabled")
.storageSizeGB(512)
.tier("P20")
.build())
.tags(Map.of("VNetServer", "1"))
.version("16")
.build());
}
}
resources:
server:
type: azure-native:dbforpostgresql:Server
properties:
administratorLogin: administratorlogin
administratorLoginPassword: examplepassword
availabilityZone: '1'
backup:
backupRetentionDays: 7
geoRedundantBackup: Enabled
createMode: Create
highAvailability:
mode: ZoneRedundant
location: westus
network:
delegatedSubnetResourceId: /subscriptions/ffffffff-ffff-ffff-ffff-ffffffffffff/resourceGroups/exampleresourcegroup/providers/Microsoft.Network/virtualNetworks/examplevirtualnetwork/subnets/examplesubnet
privateDnsZoneArmResourceId: /subscriptions/ffffffff-ffff-ffff-ffff-ffffffffffff/resourceGroups/exampleresourcegroup/providers/Microsoft.Network/privateDnsZones/exampleprivatednszone.private.postgres.database
resourceGroupName: exampleresourcegroup
serverName: exampleserver
sku:
name: Standard_D4ds_v5
tier: GeneralPurpose
storage:
autoGrow: Disabled
storageSizeGB: 512
tier: P20
tags:
VNetServer: '1'
version: '16'
The sku property defines compute tier and size (Standard_D4ds_v5 provides 4 vCPUs in the GeneralPurpose tier). The storage property sets capacity (512 GB) and performance tier (P20). The highAvailability property enables ZoneRedundant mode, which maintains a standby replica in a different availability zone. The network property integrates the server into your virtual network via delegatedSubnetResourceId and privateDnsZoneArmResourceId. The backup property configures retention (7 days) and geo-redundancy.
Enable Microsoft Entra authentication alongside password auth
Organizations that use Azure Active Directory for identity management can enable Entra authentication on PostgreSQL servers, allowing users to authenticate with their Azure AD credentials.
import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";
const server = new azure_native.dbforpostgresql.Server("server", {
administratorLogin: "administratorlogin",
administratorLoginPassword: "examplepassword",
authConfig: {
activeDirectoryAuth: azure_native.dbforpostgresql.ActiveDirectoryAuthEnum.Enabled,
passwordAuth: azure_native.dbforpostgresql.PasswordAuthEnum.Enabled,
tenantId: "tttttt-tttt-tttt-tttt-tttttttttttt",
},
availabilityZone: "1",
backup: {
backupRetentionDays: 7,
geoRedundantBackup: azure_native.dbforpostgresql.GeoRedundantBackupEnum.Disabled,
},
createMode: azure_native.dbforpostgresql.CreateMode.Create,
dataEncryption: {
type: azure_native.dbforpostgresql.ArmServerKeyType.SystemManaged,
},
highAvailability: {
mode: azure_native.dbforpostgresql.HighAvailabilityMode.ZoneRedundant,
},
location: "westus",
network: {
delegatedSubnetResourceId: "/subscriptions/ffffffff-ffff-ffff-ffff-ffffffffffff/resourceGroups/exampleresourcegroup/providers/Microsoft.Network/virtualNetworks/examplevirtualnetwork/subnets/examplesubnet",
privateDnsZoneArmResourceId: "/subscriptions/ffffffff-ffff-ffff-ffff-ffffffffffff/resourcegroups/exampleresourcegroup/providers/Microsoft.Network/privateDnsZones/exampleprivatednszone.postgres.database.azure.com",
},
resourceGroupName: "exampleresourcegroup",
serverName: "exampleserver",
sku: {
name: "Standard_D4ds_v5",
tier: azure_native.dbforpostgresql.SkuTier.GeneralPurpose,
},
storage: {
autoGrow: azure_native.dbforpostgresql.StorageAutoGrow.Disabled,
storageSizeGB: 512,
tier: azure_native.dbforpostgresql.AzureManagedDiskPerformanceTiers.P20,
},
version: azure_native.dbforpostgresql.ServerVersion.ServerVersion_16,
});
import pulumi
import pulumi_azure_native as azure_native
server = azure_native.dbforpostgresql.Server("server",
administrator_login="administratorlogin",
administrator_login_password="examplepassword",
auth_config={
"active_directory_auth": azure_native.dbforpostgresql.ActiveDirectoryAuthEnum.ENABLED,
"password_auth": azure_native.dbforpostgresql.PasswordAuthEnum.ENABLED,
"tenant_id": "tttttt-tttt-tttt-tttt-tttttttttttt",
},
availability_zone="1",
backup={
"backup_retention_days": 7,
"geo_redundant_backup": azure_native.dbforpostgresql.GeoRedundantBackupEnum.DISABLED,
},
create_mode=azure_native.dbforpostgresql.CreateMode.CREATE,
data_encryption={
"type": azure_native.dbforpostgresql.ArmServerKeyType.SYSTEM_MANAGED,
},
high_availability={
"mode": azure_native.dbforpostgresql.HighAvailabilityMode.ZONE_REDUNDANT,
},
location="westus",
network={
"delegated_subnet_resource_id": "/subscriptions/ffffffff-ffff-ffff-ffff-ffffffffffff/resourceGroups/exampleresourcegroup/providers/Microsoft.Network/virtualNetworks/examplevirtualnetwork/subnets/examplesubnet",
"private_dns_zone_arm_resource_id": "/subscriptions/ffffffff-ffff-ffff-ffff-ffffffffffff/resourcegroups/exampleresourcegroup/providers/Microsoft.Network/privateDnsZones/exampleprivatednszone.postgres.database.azure.com",
},
resource_group_name="exampleresourcegroup",
server_name="exampleserver",
sku={
"name": "Standard_D4ds_v5",
"tier": azure_native.dbforpostgresql.SkuTier.GENERAL_PURPOSE,
},
storage={
"auto_grow": azure_native.dbforpostgresql.StorageAutoGrow.DISABLED,
"storage_size_gb": 512,
"tier": azure_native.dbforpostgresql.AzureManagedDiskPerformanceTiers.P20,
},
version=azure_native.dbforpostgresql.ServerVersion.SERVER_VERSION_16)
package main
import (
dbforpostgresql "github.com/pulumi/pulumi-azure-native-sdk/dbforpostgresql/v3"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := dbforpostgresql.NewServer(ctx, "server", &dbforpostgresql.ServerArgs{
AdministratorLogin: pulumi.String("administratorlogin"),
AdministratorLoginPassword: pulumi.String("examplepassword"),
AuthConfig: &dbforpostgresql.AuthConfigArgs{
ActiveDirectoryAuth: pulumi.String(dbforpostgresql.ActiveDirectoryAuthEnumEnabled),
PasswordAuth: pulumi.String(dbforpostgresql.PasswordAuthEnumEnabled),
TenantId: pulumi.String("tttttt-tttt-tttt-tttt-tttttttttttt"),
},
AvailabilityZone: pulumi.String("1"),
Backup: &dbforpostgresql.BackupTypeArgs{
BackupRetentionDays: pulumi.Int(7),
GeoRedundantBackup: pulumi.String(dbforpostgresql.GeoRedundantBackupEnumDisabled),
},
CreateMode: pulumi.String(dbforpostgresql.CreateModeCreate),
DataEncryption: &dbforpostgresql.DataEncryptionArgs{
Type: pulumi.String(dbforpostgresql.ArmServerKeyTypeSystemManaged),
},
HighAvailability: &dbforpostgresql.HighAvailabilityArgs{
Mode: pulumi.String(dbforpostgresql.HighAvailabilityModeZoneRedundant),
},
Location: pulumi.String("westus"),
Network: &dbforpostgresql.NetworkArgs{
DelegatedSubnetResourceId: pulumi.String("/subscriptions/ffffffff-ffff-ffff-ffff-ffffffffffff/resourceGroups/exampleresourcegroup/providers/Microsoft.Network/virtualNetworks/examplevirtualnetwork/subnets/examplesubnet"),
PrivateDnsZoneArmResourceId: pulumi.String("/subscriptions/ffffffff-ffff-ffff-ffff-ffffffffffff/resourcegroups/exampleresourcegroup/providers/Microsoft.Network/privateDnsZones/exampleprivatednszone.postgres.database.azure.com"),
},
ResourceGroupName: pulumi.String("exampleresourcegroup"),
ServerName: pulumi.String("exampleserver"),
Sku: &dbforpostgresql.SkuArgs{
Name: pulumi.String("Standard_D4ds_v5"),
Tier: pulumi.String(dbforpostgresql.SkuTierGeneralPurpose),
},
Storage: &dbforpostgresql.StorageArgs{
AutoGrow: pulumi.String(dbforpostgresql.StorageAutoGrowDisabled),
StorageSizeGB: pulumi.Int(512),
Tier: pulumi.String(dbforpostgresql.AzureManagedDiskPerformanceTiersP20),
},
Version: pulumi.String(dbforpostgresql.ServerVersion_16),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;
return await Deployment.RunAsync(() =>
{
var server = new AzureNative.DBforPostgreSQL.Server("server", new()
{
AdministratorLogin = "administratorlogin",
AdministratorLoginPassword = "examplepassword",
AuthConfig = new AzureNative.DBforPostgreSQL.Inputs.AuthConfigArgs
{
ActiveDirectoryAuth = AzureNative.DBforPostgreSQL.ActiveDirectoryAuthEnum.Enabled,
PasswordAuth = AzureNative.DBforPostgreSQL.PasswordAuthEnum.Enabled,
TenantId = "tttttt-tttt-tttt-tttt-tttttttttttt",
},
AvailabilityZone = "1",
Backup = new AzureNative.DBforPostgreSQL.Inputs.BackupArgs
{
BackupRetentionDays = 7,
GeoRedundantBackup = AzureNative.DBforPostgreSQL.GeoRedundantBackupEnum.Disabled,
},
CreateMode = AzureNative.DBforPostgreSQL.CreateMode.Create,
DataEncryption = new AzureNative.DBforPostgreSQL.Inputs.DataEncryptionArgs
{
Type = AzureNative.DBforPostgreSQL.ArmServerKeyType.SystemManaged,
},
HighAvailability = new AzureNative.DBforPostgreSQL.Inputs.HighAvailabilityArgs
{
Mode = AzureNative.DBforPostgreSQL.HighAvailabilityMode.ZoneRedundant,
},
Location = "westus",
Network = new AzureNative.DBforPostgreSQL.Inputs.NetworkArgs
{
DelegatedSubnetResourceId = "/subscriptions/ffffffff-ffff-ffff-ffff-ffffffffffff/resourceGroups/exampleresourcegroup/providers/Microsoft.Network/virtualNetworks/examplevirtualnetwork/subnets/examplesubnet",
PrivateDnsZoneArmResourceId = "/subscriptions/ffffffff-ffff-ffff-ffff-ffffffffffff/resourcegroups/exampleresourcegroup/providers/Microsoft.Network/privateDnsZones/exampleprivatednszone.postgres.database.azure.com",
},
ResourceGroupName = "exampleresourcegroup",
ServerName = "exampleserver",
Sku = new AzureNative.DBforPostgreSQL.Inputs.SkuArgs
{
Name = "Standard_D4ds_v5",
Tier = AzureNative.DBforPostgreSQL.SkuTier.GeneralPurpose,
},
Storage = new AzureNative.DBforPostgreSQL.Inputs.StorageArgs
{
AutoGrow = AzureNative.DBforPostgreSQL.StorageAutoGrow.Disabled,
StorageSizeGB = 512,
Tier = AzureNative.DBforPostgreSQL.AzureManagedDiskPerformanceTiers.P20,
},
Version = AzureNative.DBforPostgreSQL.ServerVersion.ServerVersion_16,
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.dbforpostgresql.Server;
import com.pulumi.azurenative.dbforpostgresql.ServerArgs;
import com.pulumi.azurenative.dbforpostgresql.inputs.AuthConfigArgs;
import com.pulumi.azurenative.dbforpostgresql.inputs.BackupArgs;
import com.pulumi.azurenative.dbforpostgresql.inputs.DataEncryptionArgs;
import com.pulumi.azurenative.dbforpostgresql.inputs.HighAvailabilityArgs;
import com.pulumi.azurenative.dbforpostgresql.inputs.NetworkArgs;
import com.pulumi.azurenative.dbforpostgresql.inputs.SkuArgs;
import com.pulumi.azurenative.dbforpostgresql.inputs.StorageArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var server = new Server("server", ServerArgs.builder()
.administratorLogin("administratorlogin")
.administratorLoginPassword("examplepassword")
.authConfig(AuthConfigArgs.builder()
.activeDirectoryAuth("Enabled")
.passwordAuth("Enabled")
.tenantId("tttttt-tttt-tttt-tttt-tttttttttttt")
.build())
.availabilityZone("1")
.backup(BackupArgs.builder()
.backupRetentionDays(7)
.geoRedundantBackup("Disabled")
.build())
.createMode("Create")
.dataEncryption(DataEncryptionArgs.builder()
.type("SystemManaged")
.build())
.highAvailability(HighAvailabilityArgs.builder()
.mode("ZoneRedundant")
.build())
.location("westus")
.network(NetworkArgs.builder()
.delegatedSubnetResourceId("/subscriptions/ffffffff-ffff-ffff-ffff-ffffffffffff/resourceGroups/exampleresourcegroup/providers/Microsoft.Network/virtualNetworks/examplevirtualnetwork/subnets/examplesubnet")
.privateDnsZoneArmResourceId("/subscriptions/ffffffff-ffff-ffff-ffff-ffffffffffff/resourcegroups/exampleresourcegroup/providers/Microsoft.Network/privateDnsZones/exampleprivatednszone.postgres.database.azure.com")
.build())
.resourceGroupName("exampleresourcegroup")
.serverName("exampleserver")
.sku(SkuArgs.builder()
.name("Standard_D4ds_v5")
.tier("GeneralPurpose")
.build())
.storage(StorageArgs.builder()
.autoGrow("Disabled")
.storageSizeGB(512)
.tier("P20")
.build())
.version("16")
.build());
}
}
resources:
server:
type: azure-native:dbforpostgresql:Server
properties:
administratorLogin: administratorlogin
administratorLoginPassword: examplepassword
authConfig:
activeDirectoryAuth: Enabled
passwordAuth: Enabled
tenantId: tttttt-tttt-tttt-tttt-tttttttttttt
availabilityZone: '1'
backup:
backupRetentionDays: 7
geoRedundantBackup: Disabled
createMode: Create
dataEncryption:
type: SystemManaged
highAvailability:
mode: ZoneRedundant
location: westus
network:
delegatedSubnetResourceId: /subscriptions/ffffffff-ffff-ffff-ffff-ffffffffffff/resourceGroups/exampleresourcegroup/providers/Microsoft.Network/virtualNetworks/examplevirtualnetwork/subnets/examplesubnet
privateDnsZoneArmResourceId: /subscriptions/ffffffff-ffff-ffff-ffff-ffffffffffff/resourcegroups/exampleresourcegroup/providers/Microsoft.Network/privateDnsZones/exampleprivatednszone.postgres.database.azure.com
resourceGroupName: exampleresourcegroup
serverName: exampleserver
sku:
name: Standard_D4ds_v5
tier: GeneralPurpose
storage:
autoGrow: Disabled
storageSizeGB: 512
tier: P20
version: '16'
The authConfig property enables both activeDirectoryAuth and passwordAuth, allowing users to connect with either Azure AD tokens or traditional passwords. The tenantId specifies which Azure AD tenant to use for authentication. This dual-authentication approach supports gradual migration from password-based to identity-based access.
Encrypt data with customer-managed keys from Key Vault
Compliance requirements often mandate customer-managed encryption keys stored in Azure Key Vault rather than platform-managed keys.
import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";
const server = new azure_native.dbforpostgresql.Server("server", {
administratorLogin: "administratorlogin",
administratorLoginPassword: "examplepassword",
availabilityZone: "1",
backup: {
backupRetentionDays: 7,
geoRedundantBackup: azure_native.dbforpostgresql.GeoRedundantBackupEnum.Disabled,
},
createMode: azure_native.dbforpostgresql.CreateMode.Create,
dataEncryption: {
geoBackupKeyURI: "",
geoBackupUserAssignedIdentityId: "",
primaryKeyURI: "https://exampleprimarykeyvault.vault.azure.net/keys/examplekey/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
primaryUserAssignedIdentityId: "/subscriptions/ffffffff-ffff-ffff-ffff-ffffffffffff/resourceGroups/exampleresourcegroup/providers/Microsoft.ManagedIdentity/userAssignedIdentities/exampleprimaryidentity",
type: azure_native.dbforpostgresql.ArmServerKeyType.AzureKeyVault,
},
highAvailability: {
mode: azure_native.dbforpostgresql.HighAvailabilityMode.ZoneRedundant,
},
identity: {
type: azure_native.dbforpostgresql.IdentityType.UserAssigned,
userAssignedIdentities: {
"/subscriptions/ffffffff-ffff-ffff-ffff-ffffffffffff/resourceGroups/exampleresourcegroup/providers/Microsoft.ManagedIdentity/userAssignedIdentities/exampleprimaryidentity": {},
},
},
location: "westus",
network: {
delegatedSubnetResourceId: "/subscriptions/ffffffff-ffff-ffff-ffff-ffffffffffff/resourceGroups/exampleresourcegroup/providers/Microsoft.Network/virtualNetworks/examplevirtualnetwork/subnets/examplesubnet",
privateDnsZoneArmResourceId: "/subscriptions/ffffffff-ffff-ffff-ffff-ffffffffffff/resourcegroups/exampleresourcegroup/providers/Microsoft.Network/privateDnsZones/exampleprivatednszone.postgres.database.azure.com",
},
resourceGroupName: "exampleresourcegroup",
serverName: "exampleserver",
sku: {
name: "Standard_D4ds_v5",
tier: azure_native.dbforpostgresql.SkuTier.GeneralPurpose,
},
storage: {
autoGrow: azure_native.dbforpostgresql.StorageAutoGrow.Disabled,
storageSizeGB: 512,
tier: azure_native.dbforpostgresql.AzureManagedDiskPerformanceTiers.P20,
},
version: azure_native.dbforpostgresql.ServerVersion.ServerVersion_16,
});
import pulumi
import pulumi_azure_native as azure_native
server = azure_native.dbforpostgresql.Server("server",
administrator_login="administratorlogin",
administrator_login_password="examplepassword",
availability_zone="1",
backup={
"backup_retention_days": 7,
"geo_redundant_backup": azure_native.dbforpostgresql.GeoRedundantBackupEnum.DISABLED,
},
create_mode=azure_native.dbforpostgresql.CreateMode.CREATE,
data_encryption={
"geo_backup_key_uri": "",
"geo_backup_user_assigned_identity_id": "",
"primary_key_uri": "https://exampleprimarykeyvault.vault.azure.net/keys/examplekey/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
"primary_user_assigned_identity_id": "/subscriptions/ffffffff-ffff-ffff-ffff-ffffffffffff/resourceGroups/exampleresourcegroup/providers/Microsoft.ManagedIdentity/userAssignedIdentities/exampleprimaryidentity",
"type": azure_native.dbforpostgresql.ArmServerKeyType.AZURE_KEY_VAULT,
},
high_availability={
"mode": azure_native.dbforpostgresql.HighAvailabilityMode.ZONE_REDUNDANT,
},
identity={
"type": azure_native.dbforpostgresql.IdentityType.USER_ASSIGNED,
"user_assigned_identities": {
"/subscriptions/ffffffff-ffff-ffff-ffff-ffffffffffff/resourceGroups/exampleresourcegroup/providers/Microsoft.ManagedIdentity/userAssignedIdentities/exampleprimaryidentity": {},
},
},
location="westus",
network={
"delegated_subnet_resource_id": "/subscriptions/ffffffff-ffff-ffff-ffff-ffffffffffff/resourceGroups/exampleresourcegroup/providers/Microsoft.Network/virtualNetworks/examplevirtualnetwork/subnets/examplesubnet",
"private_dns_zone_arm_resource_id": "/subscriptions/ffffffff-ffff-ffff-ffff-ffffffffffff/resourcegroups/exampleresourcegroup/providers/Microsoft.Network/privateDnsZones/exampleprivatednszone.postgres.database.azure.com",
},
resource_group_name="exampleresourcegroup",
server_name="exampleserver",
sku={
"name": "Standard_D4ds_v5",
"tier": azure_native.dbforpostgresql.SkuTier.GENERAL_PURPOSE,
},
storage={
"auto_grow": azure_native.dbforpostgresql.StorageAutoGrow.DISABLED,
"storage_size_gb": 512,
"tier": azure_native.dbforpostgresql.AzureManagedDiskPerformanceTiers.P20,
},
version=azure_native.dbforpostgresql.ServerVersion.SERVER_VERSION_16)
package main
import (
dbforpostgresql "github.com/pulumi/pulumi-azure-native-sdk/dbforpostgresql/v3"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := dbforpostgresql.NewServer(ctx, "server", &dbforpostgresql.ServerArgs{
AdministratorLogin: pulumi.String("administratorlogin"),
AdministratorLoginPassword: pulumi.String("examplepassword"),
AvailabilityZone: pulumi.String("1"),
Backup: &dbforpostgresql.BackupTypeArgs{
BackupRetentionDays: pulumi.Int(7),
GeoRedundantBackup: pulumi.String(dbforpostgresql.GeoRedundantBackupEnumDisabled),
},
CreateMode: pulumi.String(dbforpostgresql.CreateModeCreate),
DataEncryption: &dbforpostgresql.DataEncryptionArgs{
GeoBackupKeyURI: pulumi.String(""),
GeoBackupUserAssignedIdentityId: pulumi.String(""),
PrimaryKeyURI: pulumi.String("https://exampleprimarykeyvault.vault.azure.net/keys/examplekey/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"),
PrimaryUserAssignedIdentityId: pulumi.String("/subscriptions/ffffffff-ffff-ffff-ffff-ffffffffffff/resourceGroups/exampleresourcegroup/providers/Microsoft.ManagedIdentity/userAssignedIdentities/exampleprimaryidentity"),
Type: pulumi.String(dbforpostgresql.ArmServerKeyTypeAzureKeyVault),
},
HighAvailability: &dbforpostgresql.HighAvailabilityArgs{
Mode: pulumi.String(dbforpostgresql.HighAvailabilityModeZoneRedundant),
},
Identity: &dbforpostgresql.UserAssignedIdentityArgs{
Type: pulumi.String(dbforpostgresql.IdentityTypeUserAssigned),
UserAssignedIdentities: dbforpostgresql.UserIdentityMap{
"/subscriptions/ffffffff-ffff-ffff-ffff-ffffffffffff/resourceGroups/exampleresourcegroup/providers/Microsoft.ManagedIdentity/userAssignedIdentities/exampleprimaryidentity": &dbforpostgresql.UserIdentityArgs{},
},
},
Location: pulumi.String("westus"),
Network: &dbforpostgresql.NetworkArgs{
DelegatedSubnetResourceId: pulumi.String("/subscriptions/ffffffff-ffff-ffff-ffff-ffffffffffff/resourceGroups/exampleresourcegroup/providers/Microsoft.Network/virtualNetworks/examplevirtualnetwork/subnets/examplesubnet"),
PrivateDnsZoneArmResourceId: pulumi.String("/subscriptions/ffffffff-ffff-ffff-ffff-ffffffffffff/resourcegroups/exampleresourcegroup/providers/Microsoft.Network/privateDnsZones/exampleprivatednszone.postgres.database.azure.com"),
},
ResourceGroupName: pulumi.String("exampleresourcegroup"),
ServerName: pulumi.String("exampleserver"),
Sku: &dbforpostgresql.SkuArgs{
Name: pulumi.String("Standard_D4ds_v5"),
Tier: pulumi.String(dbforpostgresql.SkuTierGeneralPurpose),
},
Storage: &dbforpostgresql.StorageArgs{
AutoGrow: pulumi.String(dbforpostgresql.StorageAutoGrowDisabled),
StorageSizeGB: pulumi.Int(512),
Tier: pulumi.String(dbforpostgresql.AzureManagedDiskPerformanceTiersP20),
},
Version: pulumi.String(dbforpostgresql.ServerVersion_16),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;
return await Deployment.RunAsync(() =>
{
var server = new AzureNative.DBforPostgreSQL.Server("server", new()
{
AdministratorLogin = "administratorlogin",
AdministratorLoginPassword = "examplepassword",
AvailabilityZone = "1",
Backup = new AzureNative.DBforPostgreSQL.Inputs.BackupArgs
{
BackupRetentionDays = 7,
GeoRedundantBackup = AzureNative.DBforPostgreSQL.GeoRedundantBackupEnum.Disabled,
},
CreateMode = AzureNative.DBforPostgreSQL.CreateMode.Create,
DataEncryption = new AzureNative.DBforPostgreSQL.Inputs.DataEncryptionArgs
{
GeoBackupKeyURI = "",
GeoBackupUserAssignedIdentityId = "",
PrimaryKeyURI = "https://exampleprimarykeyvault.vault.azure.net/keys/examplekey/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
PrimaryUserAssignedIdentityId = "/subscriptions/ffffffff-ffff-ffff-ffff-ffffffffffff/resourceGroups/exampleresourcegroup/providers/Microsoft.ManagedIdentity/userAssignedIdentities/exampleprimaryidentity",
Type = AzureNative.DBforPostgreSQL.ArmServerKeyType.AzureKeyVault,
},
HighAvailability = new AzureNative.DBforPostgreSQL.Inputs.HighAvailabilityArgs
{
Mode = AzureNative.DBforPostgreSQL.HighAvailabilityMode.ZoneRedundant,
},
Identity = new AzureNative.DBforPostgreSQL.Inputs.UserAssignedIdentityArgs
{
Type = AzureNative.DBforPostgreSQL.IdentityType.UserAssigned,
UserAssignedIdentities =
{
{ "/subscriptions/ffffffff-ffff-ffff-ffff-ffffffffffff/resourceGroups/exampleresourcegroup/providers/Microsoft.ManagedIdentity/userAssignedIdentities/exampleprimaryidentity", null },
},
},
Location = "westus",
Network = new AzureNative.DBforPostgreSQL.Inputs.NetworkArgs
{
DelegatedSubnetResourceId = "/subscriptions/ffffffff-ffff-ffff-ffff-ffffffffffff/resourceGroups/exampleresourcegroup/providers/Microsoft.Network/virtualNetworks/examplevirtualnetwork/subnets/examplesubnet",
PrivateDnsZoneArmResourceId = "/subscriptions/ffffffff-ffff-ffff-ffff-ffffffffffff/resourcegroups/exampleresourcegroup/providers/Microsoft.Network/privateDnsZones/exampleprivatednszone.postgres.database.azure.com",
},
ResourceGroupName = "exampleresourcegroup",
ServerName = "exampleserver",
Sku = new AzureNative.DBforPostgreSQL.Inputs.SkuArgs
{
Name = "Standard_D4ds_v5",
Tier = AzureNative.DBforPostgreSQL.SkuTier.GeneralPurpose,
},
Storage = new AzureNative.DBforPostgreSQL.Inputs.StorageArgs
{
AutoGrow = AzureNative.DBforPostgreSQL.StorageAutoGrow.Disabled,
StorageSizeGB = 512,
Tier = AzureNative.DBforPostgreSQL.AzureManagedDiskPerformanceTiers.P20,
},
Version = AzureNative.DBforPostgreSQL.ServerVersion.ServerVersion_16,
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.dbforpostgresql.Server;
import com.pulumi.azurenative.dbforpostgresql.ServerArgs;
import com.pulumi.azurenative.dbforpostgresql.inputs.BackupArgs;
import com.pulumi.azurenative.dbforpostgresql.inputs.DataEncryptionArgs;
import com.pulumi.azurenative.dbforpostgresql.inputs.HighAvailabilityArgs;
import com.pulumi.azurenative.dbforpostgresql.inputs.UserAssignedIdentityArgs;
import com.pulumi.azurenative.dbforpostgresql.inputs.NetworkArgs;
import com.pulumi.azurenative.dbforpostgresql.inputs.SkuArgs;
import com.pulumi.azurenative.dbforpostgresql.inputs.StorageArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var server = new Server("server", ServerArgs.builder()
.administratorLogin("administratorlogin")
.administratorLoginPassword("examplepassword")
.availabilityZone("1")
.backup(BackupArgs.builder()
.backupRetentionDays(7)
.geoRedundantBackup("Disabled")
.build())
.createMode("Create")
.dataEncryption(DataEncryptionArgs.builder()
.geoBackupKeyURI("")
.geoBackupUserAssignedIdentityId("")
.primaryKeyURI("https://exampleprimarykeyvault.vault.azure.net/keys/examplekey/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx")
.primaryUserAssignedIdentityId("/subscriptions/ffffffff-ffff-ffff-ffff-ffffffffffff/resourceGroups/exampleresourcegroup/providers/Microsoft.ManagedIdentity/userAssignedIdentities/exampleprimaryidentity")
.type("AzureKeyVault")
.build())
.highAvailability(HighAvailabilityArgs.builder()
.mode("ZoneRedundant")
.build())
.identity(UserAssignedIdentityArgs.builder()
.type("UserAssigned")
.userAssignedIdentities(Map.of("/subscriptions/ffffffff-ffff-ffff-ffff-ffffffffffff/resourceGroups/exampleresourcegroup/providers/Microsoft.ManagedIdentity/userAssignedIdentities/exampleprimaryidentity", UserIdentityArgs.builder()
.build()))
.build())
.location("westus")
.network(NetworkArgs.builder()
.delegatedSubnetResourceId("/subscriptions/ffffffff-ffff-ffff-ffff-ffffffffffff/resourceGroups/exampleresourcegroup/providers/Microsoft.Network/virtualNetworks/examplevirtualnetwork/subnets/examplesubnet")
.privateDnsZoneArmResourceId("/subscriptions/ffffffff-ffff-ffff-ffff-ffffffffffff/resourcegroups/exampleresourcegroup/providers/Microsoft.Network/privateDnsZones/exampleprivatednszone.postgres.database.azure.com")
.build())
.resourceGroupName("exampleresourcegroup")
.serverName("exampleserver")
.sku(SkuArgs.builder()
.name("Standard_D4ds_v5")
.tier("GeneralPurpose")
.build())
.storage(StorageArgs.builder()
.autoGrow("Disabled")
.storageSizeGB(512)
.tier("P20")
.build())
.version("16")
.build());
}
}
resources:
server:
type: azure-native:dbforpostgresql:Server
properties:
administratorLogin: administratorlogin
administratorLoginPassword: examplepassword
availabilityZone: '1'
backup:
backupRetentionDays: 7
geoRedundantBackup: Disabled
createMode: Create
dataEncryption:
geoBackupKeyURI: ""
geoBackupUserAssignedIdentityId: ""
primaryKeyURI: https://exampleprimarykeyvault.vault.azure.net/keys/examplekey/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
primaryUserAssignedIdentityId: /subscriptions/ffffffff-ffff-ffff-ffff-ffffffffffff/resourceGroups/exampleresourcegroup/providers/Microsoft.ManagedIdentity/userAssignedIdentities/exampleprimaryidentity
type: AzureKeyVault
highAvailability:
mode: ZoneRedundant
identity:
type: UserAssigned
userAssignedIdentities:
? /subscriptions/ffffffff-ffff-ffff-ffff-ffffffffffff/resourceGroups/exampleresourcegroup/providers/Microsoft.ManagedIdentity/userAssignedIdentities/exampleprimaryidentity
: {}
location: westus
network:
delegatedSubnetResourceId: /subscriptions/ffffffff-ffff-ffff-ffff-ffffffffffff/resourceGroups/exampleresourcegroup/providers/Microsoft.Network/virtualNetworks/examplevirtualnetwork/subnets/examplesubnet
privateDnsZoneArmResourceId: /subscriptions/ffffffff-ffff-ffff-ffff-ffffffffffff/resourcegroups/exampleresourcegroup/providers/Microsoft.Network/privateDnsZones/exampleprivatednszone.postgres.database.azure.com
resourceGroupName: exampleresourcegroup
serverName: exampleserver
sku:
name: Standard_D4ds_v5
tier: GeneralPurpose
storage:
autoGrow: Disabled
storageSizeGB: 512
tier: P20
version: '16'
The dataEncryption property configures customer-managed encryption by specifying primaryKeyURI (the Key Vault key location) and primaryUserAssignedIdentityId (the managed identity that accesses the key). The identity property assigns the managed identity to the server. The server uses this identity to retrieve the encryption key from Key Vault at runtime. Without geoBackupKeyURI, geo-redundant backups use platform-managed encryption.
Restore from a point-in-time backup
Database recovery workflows often need to restore a server to a specific timestamp, recovering from accidental data changes or corruption.
import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";
const server = new azure_native.dbforpostgresql.Server("server", {
createMode: azure_native.dbforpostgresql.CreateMode.PointInTimeRestore,
location: "westus",
pointInTimeUTC: "2024-08-01T18:35:22.123456Z",
resourceGroupName: "exampleresourcegroup",
serverName: "exampleserver",
sourceServerResourceId: "/subscriptions/ffffffff-ffff-ffff-ffff-ffffffffffff/resourceGroups/exampleresourcegroup/providers/Microsoft.DBforPostgreSQL/flexibleServers/examplesourceserver",
});
import pulumi
import pulumi_azure_native as azure_native
server = azure_native.dbforpostgresql.Server("server",
create_mode=azure_native.dbforpostgresql.CreateMode.POINT_IN_TIME_RESTORE,
location="westus",
point_in_time_utc="2024-08-01T18:35:22.123456Z",
resource_group_name="exampleresourcegroup",
server_name="exampleserver",
source_server_resource_id="/subscriptions/ffffffff-ffff-ffff-ffff-ffffffffffff/resourceGroups/exampleresourcegroup/providers/Microsoft.DBforPostgreSQL/flexibleServers/examplesourceserver")
package main
import (
dbforpostgresql "github.com/pulumi/pulumi-azure-native-sdk/dbforpostgresql/v3"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := dbforpostgresql.NewServer(ctx, "server", &dbforpostgresql.ServerArgs{
CreateMode: pulumi.String(dbforpostgresql.CreateModePointInTimeRestore),
Location: pulumi.String("westus"),
PointInTimeUTC: pulumi.String("2024-08-01T18:35:22.123456Z"),
ResourceGroupName: pulumi.String("exampleresourcegroup"),
ServerName: pulumi.String("exampleserver"),
SourceServerResourceId: pulumi.String("/subscriptions/ffffffff-ffff-ffff-ffff-ffffffffffff/resourceGroups/exampleresourcegroup/providers/Microsoft.DBforPostgreSQL/flexibleServers/examplesourceserver"),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;
return await Deployment.RunAsync(() =>
{
var server = new AzureNative.DBforPostgreSQL.Server("server", new()
{
CreateMode = AzureNative.DBforPostgreSQL.CreateMode.PointInTimeRestore,
Location = "westus",
PointInTimeUTC = "2024-08-01T18:35:22.123456Z",
ResourceGroupName = "exampleresourcegroup",
ServerName = "exampleserver",
SourceServerResourceId = "/subscriptions/ffffffff-ffff-ffff-ffff-ffffffffffff/resourceGroups/exampleresourcegroup/providers/Microsoft.DBforPostgreSQL/flexibleServers/examplesourceserver",
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.dbforpostgresql.Server;
import com.pulumi.azurenative.dbforpostgresql.ServerArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var server = new Server("server", ServerArgs.builder()
.createMode("PointInTimeRestore")
.location("westus")
.pointInTimeUTC("2024-08-01T18:35:22.123456Z")
.resourceGroupName("exampleresourcegroup")
.serverName("exampleserver")
.sourceServerResourceId("/subscriptions/ffffffff-ffff-ffff-ffff-ffffffffffff/resourceGroups/exampleresourcegroup/providers/Microsoft.DBforPostgreSQL/flexibleServers/examplesourceserver")
.build());
}
}
resources:
server:
type: azure-native:dbforpostgresql:Server
properties:
createMode: PointInTimeRestore
location: westus
pointInTimeUTC: 2024-08-01T18:35:22.123456Z
resourceGroupName: exampleresourcegroup
serverName: exampleserver
sourceServerResourceId: /subscriptions/ffffffff-ffff-ffff-ffff-ffffffffffff/resourceGroups/exampleresourcegroup/providers/Microsoft.DBforPostgreSQL/flexibleServers/examplesourceserver
The createMode property set to PointInTimeRestore tells Azure to create a new server from a backup. The pointInTimeUTC property specifies the exact timestamp to restore to (must fall within the source server’s backup retention window). The sourceServerResourceId identifies which server’s backups to use. The restored server inherits compute, storage, and network configuration from the source server at the specified point in time.
Create a read replica for scaling read workloads
Read-heavy applications benefit from read replicas that offload query traffic from the primary server while maintaining near-real-time data synchronization.
import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";
const server = new azure_native.dbforpostgresql.Server("server", {
createMode: azure_native.dbforpostgresql.CreateMode.Replica,
dataEncryption: {
geoBackupKeyURI: "",
geoBackupUserAssignedIdentityId: "",
primaryKeyURI: "https://exampleprimarykeyvault.vault.azure.net/keys/examplekey/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
primaryUserAssignedIdentityId: "/subscriptions/ffffffff-ffff-ffff-ffff-ffffffffffff/resourceGroups/exampleresourcegroup/providers/Microsoft.ManagedIdentity/userAssignedIdentities/exampleprimaryidentity",
type: azure_native.dbforpostgresql.ArmServerKeyType.AzureKeyVault,
},
identity: {
type: azure_native.dbforpostgresql.IdentityType.UserAssigned,
userAssignedIdentities: {
"/subscriptions/ffffffff-ffff-ffff-ffff-ffffffffffff/resourceGroups/exampleresourcegroup/providers/Microsoft.ManagedIdentity/userAssignedIdentities/exampleprimaryidentity": {},
},
},
location: "westus",
pointInTimeUTC: "2024-08-01T18:35:22.123456Z",
resourceGroupName: "exampleresourcegroup",
serverName: "exampleserver",
sourceServerResourceId: "/subscriptions/ffffffff-ffff-ffff-ffff-ffffffffffff/resourceGroups/exampleresourcegroup/providers/Microsoft.DBforPostgreSQL/flexibleServers/examplesourceserver",
});
import pulumi
import pulumi_azure_native as azure_native
server = azure_native.dbforpostgresql.Server("server",
create_mode=azure_native.dbforpostgresql.CreateMode.REPLICA,
data_encryption={
"geo_backup_key_uri": "",
"geo_backup_user_assigned_identity_id": "",
"primary_key_uri": "https://exampleprimarykeyvault.vault.azure.net/keys/examplekey/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
"primary_user_assigned_identity_id": "/subscriptions/ffffffff-ffff-ffff-ffff-ffffffffffff/resourceGroups/exampleresourcegroup/providers/Microsoft.ManagedIdentity/userAssignedIdentities/exampleprimaryidentity",
"type": azure_native.dbforpostgresql.ArmServerKeyType.AZURE_KEY_VAULT,
},
identity={
"type": azure_native.dbforpostgresql.IdentityType.USER_ASSIGNED,
"user_assigned_identities": {
"/subscriptions/ffffffff-ffff-ffff-ffff-ffffffffffff/resourceGroups/exampleresourcegroup/providers/Microsoft.ManagedIdentity/userAssignedIdentities/exampleprimaryidentity": {},
},
},
location="westus",
point_in_time_utc="2024-08-01T18:35:22.123456Z",
resource_group_name="exampleresourcegroup",
server_name="exampleserver",
source_server_resource_id="/subscriptions/ffffffff-ffff-ffff-ffff-ffffffffffff/resourceGroups/exampleresourcegroup/providers/Microsoft.DBforPostgreSQL/flexibleServers/examplesourceserver")
package main
import (
dbforpostgresql "github.com/pulumi/pulumi-azure-native-sdk/dbforpostgresql/v3"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := dbforpostgresql.NewServer(ctx, "server", &dbforpostgresql.ServerArgs{
CreateMode: pulumi.String(dbforpostgresql.CreateModeReplica),
DataEncryption: &dbforpostgresql.DataEncryptionArgs{
GeoBackupKeyURI: pulumi.String(""),
GeoBackupUserAssignedIdentityId: pulumi.String(""),
PrimaryKeyURI: pulumi.String("https://exampleprimarykeyvault.vault.azure.net/keys/examplekey/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"),
PrimaryUserAssignedIdentityId: pulumi.String("/subscriptions/ffffffff-ffff-ffff-ffff-ffffffffffff/resourceGroups/exampleresourcegroup/providers/Microsoft.ManagedIdentity/userAssignedIdentities/exampleprimaryidentity"),
Type: pulumi.String(dbforpostgresql.ArmServerKeyTypeAzureKeyVault),
},
Identity: &dbforpostgresql.UserAssignedIdentityArgs{
Type: pulumi.String(dbforpostgresql.IdentityTypeUserAssigned),
UserAssignedIdentities: dbforpostgresql.UserIdentityMap{
"/subscriptions/ffffffff-ffff-ffff-ffff-ffffffffffff/resourceGroups/exampleresourcegroup/providers/Microsoft.ManagedIdentity/userAssignedIdentities/exampleprimaryidentity": &dbforpostgresql.UserIdentityArgs{},
},
},
Location: pulumi.String("westus"),
PointInTimeUTC: pulumi.String("2024-08-01T18:35:22.123456Z"),
ResourceGroupName: pulumi.String("exampleresourcegroup"),
ServerName: pulumi.String("exampleserver"),
SourceServerResourceId: pulumi.String("/subscriptions/ffffffff-ffff-ffff-ffff-ffffffffffff/resourceGroups/exampleresourcegroup/providers/Microsoft.DBforPostgreSQL/flexibleServers/examplesourceserver"),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;
return await Deployment.RunAsync(() =>
{
var server = new AzureNative.DBforPostgreSQL.Server("server", new()
{
CreateMode = AzureNative.DBforPostgreSQL.CreateMode.Replica,
DataEncryption = new AzureNative.DBforPostgreSQL.Inputs.DataEncryptionArgs
{
GeoBackupKeyURI = "",
GeoBackupUserAssignedIdentityId = "",
PrimaryKeyURI = "https://exampleprimarykeyvault.vault.azure.net/keys/examplekey/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
PrimaryUserAssignedIdentityId = "/subscriptions/ffffffff-ffff-ffff-ffff-ffffffffffff/resourceGroups/exampleresourcegroup/providers/Microsoft.ManagedIdentity/userAssignedIdentities/exampleprimaryidentity",
Type = AzureNative.DBforPostgreSQL.ArmServerKeyType.AzureKeyVault,
},
Identity = new AzureNative.DBforPostgreSQL.Inputs.UserAssignedIdentityArgs
{
Type = AzureNative.DBforPostgreSQL.IdentityType.UserAssigned,
UserAssignedIdentities =
{
{ "/subscriptions/ffffffff-ffff-ffff-ffff-ffffffffffff/resourceGroups/exampleresourcegroup/providers/Microsoft.ManagedIdentity/userAssignedIdentities/exampleprimaryidentity", null },
},
},
Location = "westus",
PointInTimeUTC = "2024-08-01T18:35:22.123456Z",
ResourceGroupName = "exampleresourcegroup",
ServerName = "exampleserver",
SourceServerResourceId = "/subscriptions/ffffffff-ffff-ffff-ffff-ffffffffffff/resourceGroups/exampleresourcegroup/providers/Microsoft.DBforPostgreSQL/flexibleServers/examplesourceserver",
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.dbforpostgresql.Server;
import com.pulumi.azurenative.dbforpostgresql.ServerArgs;
import com.pulumi.azurenative.dbforpostgresql.inputs.DataEncryptionArgs;
import com.pulumi.azurenative.dbforpostgresql.inputs.UserAssignedIdentityArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var server = new Server("server", ServerArgs.builder()
.createMode("Replica")
.dataEncryption(DataEncryptionArgs.builder()
.geoBackupKeyURI("")
.geoBackupUserAssignedIdentityId("")
.primaryKeyURI("https://exampleprimarykeyvault.vault.azure.net/keys/examplekey/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx")
.primaryUserAssignedIdentityId("/subscriptions/ffffffff-ffff-ffff-ffff-ffffffffffff/resourceGroups/exampleresourcegroup/providers/Microsoft.ManagedIdentity/userAssignedIdentities/exampleprimaryidentity")
.type("AzureKeyVault")
.build())
.identity(UserAssignedIdentityArgs.builder()
.type("UserAssigned")
.userAssignedIdentities(Map.of("/subscriptions/ffffffff-ffff-ffff-ffff-ffffffffffff/resourceGroups/exampleresourcegroup/providers/Microsoft.ManagedIdentity/userAssignedIdentities/exampleprimaryidentity", UserIdentityArgs.builder()
.build()))
.build())
.location("westus")
.pointInTimeUTC("2024-08-01T18:35:22.123456Z")
.resourceGroupName("exampleresourcegroup")
.serverName("exampleserver")
.sourceServerResourceId("/subscriptions/ffffffff-ffff-ffff-ffff-ffffffffffff/resourceGroups/exampleresourcegroup/providers/Microsoft.DBforPostgreSQL/flexibleServers/examplesourceserver")
.build());
}
}
resources:
server:
type: azure-native:dbforpostgresql:Server
properties:
createMode: Replica
dataEncryption:
geoBackupKeyURI: ""
geoBackupUserAssignedIdentityId: ""
primaryKeyURI: https://exampleprimarykeyvault.vault.azure.net/keys/examplekey/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
primaryUserAssignedIdentityId: /subscriptions/ffffffff-ffff-ffff-ffff-ffffffffffff/resourceGroups/exampleresourcegroup/providers/Microsoft.ManagedIdentity/userAssignedIdentities/exampleprimaryidentity
type: AzureKeyVault
identity:
type: UserAssigned
userAssignedIdentities:
? /subscriptions/ffffffff-ffff-ffff-ffff-ffffffffffff/resourceGroups/exampleresourcegroup/providers/Microsoft.ManagedIdentity/userAssignedIdentities/exampleprimaryidentity
: {}
location: westus
pointInTimeUTC: 2024-08-01T18:35:22.123456Z
resourceGroupName: exampleresourcegroup
serverName: exampleserver
sourceServerResourceId: /subscriptions/ffffffff-ffff-ffff-ffff-ffffffffffff/resourceGroups/exampleresourcegroup/providers/Microsoft.DBforPostgreSQL/flexibleServers/examplesourceserver
The createMode property set to Replica creates a read-only copy that continuously replicates from the source server. The sourceServerResourceId identifies the primary server. The replica inherits encryption configuration from the source server, including customer-managed keys if configured. Replicas can be promoted to independent servers later by changing the replicationRole property.
Beyond these examples
These snippets focus on specific server-level features: server creation with compute, storage, and networking, high availability and backup configuration, authentication methods and encryption options, and point-in-time restore and read replicas. They’re intentionally minimal rather than full database deployments.
The examples may reference pre-existing infrastructure such as virtual network subnets and private DNS zones, Azure Key Vault and managed identities for encryption, and source servers for restore and replica operations. They focus on configuring the server rather than provisioning everything around it.
To keep things focused, common server patterns are omitted, including:
- Maintenance window scheduling (maintenanceWindow)
- Geo-redundant backup configuration details
- Replica promotion and replication role changes
- Server parameter configuration and extensions
These omissions are intentional: the goal is to illustrate how each server feature is wired, not provide drop-in database modules. See the PostgreSQL Server resource reference for all available configuration options.
Let's deploy Azure Database for PostgreSQL Servers
Get started with Pulumi Cloud, then follow our quick setup guide to deploy this infrastructure.
Try Pulumi Cloud for FREEFrequently Asked Questions
Server Creation & Restore
What are the different ways to create a PostgreSQL flexible server?
You can create a server using five different modes via createMode:
- Create - New server from scratch
- PointInTimeRestore - Restore from a backup at a specific time
- GeoRestore - Restore from a geo-redundant backup
- ReviveDropped - Restore a recently deleted server
- Replica - Create a read replica of an existing server
How do I restore a deleted PostgreSQL flexible server?
Set
createMode to ReviveDropped, provide sourceServerResourceId pointing to the deleted server, and specify pointInTimeUTC with the restore timestamp.What's required for point-in-time restore or geo-restore?
Both require
sourceServerResourceId (the source server) and pointInTimeUTC (the backup timestamp). Use createMode: PointInTimeRestore for same-region restore or createMode: GeoRestore for cross-region restore from geo-redundant backups.How do I create a read replica?
Set
createMode to Replica and provide sourceServerResourceId pointing to the primary server. The replica inherits configuration from the primary.Data Encryption & Security
How do I enable customer-managed key encryption?
Configure
dataEncryption with type: AzureKeyVault, primaryKeyURI (your Key Vault key), and primaryUserAssignedIdentityId. Add the same identity to identity.userAssignedIdentities. For geo-redundant backups, also provide geoBackupKeyURI and geoBackupUserAssignedIdentityId.How do I enable Microsoft Entra authentication?
Configure
authConfig with activeDirectoryAuth: Enabled, passwordAuth: Enabled (or Disabled), and tenantId set to your Azure AD tenant ID.Networking & Connectivity
How do I integrate my server with a virtual network?
Configure
network with delegatedSubnetResourceId (your subnet) and privateDnsZoneArmResourceId (your private DNS zone). The server will be accessible only within the VNet.High Availability & Backup
How do I enable zone-redundant high availability?
Set
highAvailability.mode to ZoneRedundant. This deploys a standby replica in a different availability zone.How do I configure backup retention and geo-redundancy?
Use
backup.backupRetentionDays (7 days in examples) and backup.geoRedundantBackup set to Enabled or Disabled. Geo-redundant backups enable cross-region restore.Configuration & Limits
What properties can't be changed after server creation?
These properties are immutable:
location, administratorLogin, availabilityZone, createMode, pointInTimeUTC, sourceServerResourceId, resourceGroupName, and serverName.Can I change the administrator login after creation?
No,
administratorLogin is immutable. Once set, it cannot be changed for the life of the server. However, you can change the administratorLoginPassword at any time while password authentication is enabled.What compute and storage options are available?
Configure
sku with name (e.g., Standard_D4ds_v5) and tier (e.g., GeneralPurpose). For storage, set storage.storageSizeGB (512 in examples), storage.tier (e.g., P20), and storage.autoGrow (Enabled or Disabled).