The azure-native:dbforpostgresql:Server resource, part of the Pulumi Azure Native provider, provisions Azure Database for PostgreSQL flexible servers with configurable compute, storage, networking, and high availability. This guide focuses on six capabilities: high availability deployment modes, VNet integration for network isolation, backup and restore operations, Microsoft Entra authentication, customer-managed encryption keys, and read replica configuration.
Servers may reference virtual networks, Key Vaults, managed identities, or source servers depending on configuration. The examples are intentionally small. Combine them with your own networking, identity, and backup infrastructure.
Deploy with zone-redundant high availability
Production workloads often require high availability to survive datacenter failures. Zone-redundant configuration places a standby replica in a different availability zone, providing automatic failover when the primary zone experiences an outage.
import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";
const server = new azure_native.dbforpostgresql.Server("server", {
administratorLogin: "exampleadministratorlogin",
administratorLoginPassword: "examplepassword",
availabilityZone: "1",
backup: {
backupRetentionDays: 7,
geoRedundantBackup: azure_native.dbforpostgresql.GeographicallyRedundantBackup.Enabled,
},
createMode: azure_native.dbforpostgresql.CreateMode.Create,
highAvailability: {
mode: azure_native.dbforpostgresql.PostgreSqlFlexibleServerHighAvailabilityMode.ZoneRedundant,
},
location: "eastus",
network: {
publicNetworkAccess: azure_native.dbforpostgresql.ServerPublicNetworkAccessState.Enabled,
},
resourceGroupName: "exampleresourcegroup",
serverName: "exampleserver",
sku: {
name: "Standard_D4ds_v5",
tier: azure_native.dbforpostgresql.SkuTier.GeneralPurpose,
},
storage: {
autoGrow: azure_native.dbforpostgresql.StorageAutoGrow.Disabled,
storageSizeGB: 512,
tier: azure_native.dbforpostgresql.AzureManagedDiskPerformanceTier.P20,
},
tags: {
InCustomerVnet: "false",
InMicrosoftVnet: "true",
},
version: azure_native.dbforpostgresql.PostgresMajorVersion.PostgresMajorVersion_17,
});
import pulumi
import pulumi_azure_native as azure_native
server = azure_native.dbforpostgresql.Server("server",
administrator_login="exampleadministratorlogin",
administrator_login_password="examplepassword",
availability_zone="1",
backup={
"backup_retention_days": 7,
"geo_redundant_backup": azure_native.dbforpostgresql.GeographicallyRedundantBackup.ENABLED,
},
create_mode=azure_native.dbforpostgresql.CreateMode.CREATE,
high_availability={
"mode": azure_native.dbforpostgresql.PostgreSqlFlexibleServerHighAvailabilityMode.ZONE_REDUNDANT,
},
location="eastus",
network={
"public_network_access": azure_native.dbforpostgresql.ServerPublicNetworkAccessState.ENABLED,
},
resource_group_name="exampleresourcegroup",
server_name="exampleserver",
sku={
"name": "Standard_D4ds_v5",
"tier": azure_native.dbforpostgresql.SkuTier.GENERAL_PURPOSE,
},
storage={
"auto_grow": azure_native.dbforpostgresql.StorageAutoGrow.DISABLED,
"storage_size_gb": 512,
"tier": azure_native.dbforpostgresql.AzureManagedDiskPerformanceTier.P20,
},
tags={
"InCustomerVnet": "false",
"InMicrosoftVnet": "true",
},
version=azure_native.dbforpostgresql.PostgresMajorVersion.POSTGRES_MAJOR_VERSION_17)
package main
import (
dbforpostgresql "github.com/pulumi/pulumi-azure-native-sdk/dbforpostgresql/v3"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := dbforpostgresql.NewServer(ctx, "server", &dbforpostgresql.ServerArgs{
AdministratorLogin: pulumi.String("exampleadministratorlogin"),
AdministratorLoginPassword: pulumi.String("examplepassword"),
AvailabilityZone: pulumi.String("1"),
Backup: &dbforpostgresql.BackupTypeArgs{
BackupRetentionDays: pulumi.Int(7),
GeoRedundantBackup: pulumi.String(dbforpostgresql.GeographicallyRedundantBackupEnabled),
},
CreateMode: pulumi.String(dbforpostgresql.CreateModeCreate),
HighAvailability: &dbforpostgresql.HighAvailabilityArgs{
Mode: pulumi.String(dbforpostgresql.PostgreSqlFlexibleServerHighAvailabilityModeZoneRedundant),
},
Location: pulumi.String("eastus"),
Network: &dbforpostgresql.NetworkArgs{
PublicNetworkAccess: pulumi.String(dbforpostgresql.ServerPublicNetworkAccessStateEnabled),
},
ResourceGroupName: pulumi.String("exampleresourcegroup"),
ServerName: pulumi.String("exampleserver"),
Sku: &dbforpostgresql.SkuArgs{
Name: pulumi.String("Standard_D4ds_v5"),
Tier: pulumi.String(dbforpostgresql.SkuTierGeneralPurpose),
},
Storage: &dbforpostgresql.StorageArgs{
AutoGrow: pulumi.String(dbforpostgresql.StorageAutoGrowDisabled),
StorageSizeGB: pulumi.Int(512),
Tier: pulumi.String(dbforpostgresql.AzureManagedDiskPerformanceTierP20),
},
Tags: pulumi.StringMap{
"InCustomerVnet": pulumi.String("false"),
"InMicrosoftVnet": pulumi.String("true"),
},
Version: pulumi.String(dbforpostgresql.PostgresMajorVersion_17),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;
return await Deployment.RunAsync(() =>
{
var server = new AzureNative.DBforPostgreSQL.Server("server", new()
{
AdministratorLogin = "exampleadministratorlogin",
AdministratorLoginPassword = "examplepassword",
AvailabilityZone = "1",
Backup = new AzureNative.DBforPostgreSQL.Inputs.BackupArgs
{
BackupRetentionDays = 7,
GeoRedundantBackup = AzureNative.DBforPostgreSQL.GeographicallyRedundantBackup.Enabled,
},
CreateMode = AzureNative.DBforPostgreSQL.CreateMode.Create,
HighAvailability = new AzureNative.DBforPostgreSQL.Inputs.HighAvailabilityArgs
{
Mode = AzureNative.DBforPostgreSQL.PostgreSqlFlexibleServerHighAvailabilityMode.ZoneRedundant,
},
Location = "eastus",
Network = new AzureNative.DBforPostgreSQL.Inputs.NetworkArgs
{
PublicNetworkAccess = AzureNative.DBforPostgreSQL.ServerPublicNetworkAccessState.Enabled,
},
ResourceGroupName = "exampleresourcegroup",
ServerName = "exampleserver",
Sku = new AzureNative.DBforPostgreSQL.Inputs.SkuArgs
{
Name = "Standard_D4ds_v5",
Tier = AzureNative.DBforPostgreSQL.SkuTier.GeneralPurpose,
},
Storage = new AzureNative.DBforPostgreSQL.Inputs.StorageArgs
{
AutoGrow = AzureNative.DBforPostgreSQL.StorageAutoGrow.Disabled,
StorageSizeGB = 512,
Tier = AzureNative.DBforPostgreSQL.AzureManagedDiskPerformanceTier.P20,
},
Tags =
{
{ "InCustomerVnet", "false" },
{ "InMicrosoftVnet", "true" },
},
Version = AzureNative.DBforPostgreSQL.PostgresMajorVersion.PostgresMajorVersion_17,
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.dbforpostgresql.Server;
import com.pulumi.azurenative.dbforpostgresql.ServerArgs;
import com.pulumi.azurenative.dbforpostgresql.inputs.BackupArgs;
import com.pulumi.azurenative.dbforpostgresql.inputs.HighAvailabilityArgs;
import com.pulumi.azurenative.dbforpostgresql.inputs.NetworkArgs;
import com.pulumi.azurenative.dbforpostgresql.inputs.SkuArgs;
import com.pulumi.azurenative.dbforpostgresql.inputs.StorageArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var server = new Server("server", ServerArgs.builder()
.administratorLogin("exampleadministratorlogin")
.administratorLoginPassword("examplepassword")
.availabilityZone("1")
.backup(BackupArgs.builder()
.backupRetentionDays(7)
.geoRedundantBackup("Enabled")
.build())
.createMode("Create")
.highAvailability(HighAvailabilityArgs.builder()
.mode("ZoneRedundant")
.build())
.location("eastus")
.network(NetworkArgs.builder()
.publicNetworkAccess("Enabled")
.build())
.resourceGroupName("exampleresourcegroup")
.serverName("exampleserver")
.sku(SkuArgs.builder()
.name("Standard_D4ds_v5")
.tier("GeneralPurpose")
.build())
.storage(StorageArgs.builder()
.autoGrow("Disabled")
.storageSizeGB(512)
.tier("P20")
.build())
.tags(Map.ofEntries(
Map.entry("InCustomerVnet", "false"),
Map.entry("InMicrosoftVnet", "true")
))
.version("17")
.build());
}
}
resources:
server:
type: azure-native:dbforpostgresql:Server
properties:
administratorLogin: exampleadministratorlogin
administratorLoginPassword: examplepassword
availabilityZone: '1'
backup:
backupRetentionDays: 7
geoRedundantBackup: Enabled
createMode: Create
highAvailability:
mode: ZoneRedundant
location: eastus
network:
publicNetworkAccess: Enabled
resourceGroupName: exampleresourcegroup
serverName: exampleserver
sku:
name: Standard_D4ds_v5
tier: GeneralPurpose
storage:
autoGrow: Disabled
storageSizeGB: 512
tier: P20
tags:
InCustomerVnet: 'false'
InMicrosoftVnet: 'true'
version: '17'
The highAvailability property controls failover behavior. Setting mode to ZoneRedundant deploys a standby replica in a different availability zone from the primary (specified by availabilityZone). When the primary zone fails, Azure automatically promotes the standby. The backup property configures retention and geo-redundancy; geoRedundantBackup set to Enabled copies backups to a paired region for disaster recovery.
Deploy into a private virtual network
Applications that require network isolation deploy PostgreSQL servers into customer-managed virtual networks, restricting database access to resources within the VNet.
import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";
const server = new azure_native.dbforpostgresql.Server("server", {
administratorLogin: "exampleadministratorlogin",
administratorLoginPassword: "examplepassword",
availabilityZone: "1",
backup: {
backupRetentionDays: 7,
geoRedundantBackup: azure_native.dbforpostgresql.GeographicallyRedundantBackup.Enabled,
},
createMode: azure_native.dbforpostgresql.CreateMode.Create,
highAvailability: {
mode: azure_native.dbforpostgresql.PostgreSqlFlexibleServerHighAvailabilityMode.SameZone,
},
location: "eastus",
network: {
delegatedSubnetResourceId: "/subscriptions/ffffffff-ffff-ffff-ffff-ffffffffffff/resourceGroups/exampleresourcegroup/providers/Microsoft.Network/virtualNetworks/examplevirtualnetwork/subnets/examplesubnet",
privateDnsZoneArmResourceId: "/subscriptions/ffffffff-ffff-ffff-ffff-ffffffffffff/resourceGroups/exampleresourcegroup/providers/Microsoft.Network/privateDnsZones/exampleprivatednszone.private.postgres.database",
},
resourceGroupName: "exampleresourcegroup",
serverName: "exampleserver",
sku: {
name: "Standard_D4ds_v5",
tier: azure_native.dbforpostgresql.SkuTier.GeneralPurpose,
},
storage: {
autoGrow: azure_native.dbforpostgresql.StorageAutoGrow.Disabled,
storageSizeGB: 512,
tier: azure_native.dbforpostgresql.AzureManagedDiskPerformanceTier.P20,
},
tags: {
InCustomerVnet: "true",
InMicrosoftVnet: "false",
},
version: azure_native.dbforpostgresql.PostgresMajorVersion.PostgresMajorVersion_17,
});
import pulumi
import pulumi_azure_native as azure_native
server = azure_native.dbforpostgresql.Server("server",
administrator_login="exampleadministratorlogin",
administrator_login_password="examplepassword",
availability_zone="1",
backup={
"backup_retention_days": 7,
"geo_redundant_backup": azure_native.dbforpostgresql.GeographicallyRedundantBackup.ENABLED,
},
create_mode=azure_native.dbforpostgresql.CreateMode.CREATE,
high_availability={
"mode": azure_native.dbforpostgresql.PostgreSqlFlexibleServerHighAvailabilityMode.SAME_ZONE,
},
location="eastus",
network={
"delegated_subnet_resource_id": "/subscriptions/ffffffff-ffff-ffff-ffff-ffffffffffff/resourceGroups/exampleresourcegroup/providers/Microsoft.Network/virtualNetworks/examplevirtualnetwork/subnets/examplesubnet",
"private_dns_zone_arm_resource_id": "/subscriptions/ffffffff-ffff-ffff-ffff-ffffffffffff/resourceGroups/exampleresourcegroup/providers/Microsoft.Network/privateDnsZones/exampleprivatednszone.private.postgres.database",
},
resource_group_name="exampleresourcegroup",
server_name="exampleserver",
sku={
"name": "Standard_D4ds_v5",
"tier": azure_native.dbforpostgresql.SkuTier.GENERAL_PURPOSE,
},
storage={
"auto_grow": azure_native.dbforpostgresql.StorageAutoGrow.DISABLED,
"storage_size_gb": 512,
"tier": azure_native.dbforpostgresql.AzureManagedDiskPerformanceTier.P20,
},
tags={
"InCustomerVnet": "true",
"InMicrosoftVnet": "false",
},
version=azure_native.dbforpostgresql.PostgresMajorVersion.POSTGRES_MAJOR_VERSION_17)
package main
import (
dbforpostgresql "github.com/pulumi/pulumi-azure-native-sdk/dbforpostgresql/v3"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := dbforpostgresql.NewServer(ctx, "server", &dbforpostgresql.ServerArgs{
AdministratorLogin: pulumi.String("exampleadministratorlogin"),
AdministratorLoginPassword: pulumi.String("examplepassword"),
AvailabilityZone: pulumi.String("1"),
Backup: &dbforpostgresql.BackupTypeArgs{
BackupRetentionDays: pulumi.Int(7),
GeoRedundantBackup: pulumi.String(dbforpostgresql.GeographicallyRedundantBackupEnabled),
},
CreateMode: pulumi.String(dbforpostgresql.CreateModeCreate),
HighAvailability: &dbforpostgresql.HighAvailabilityArgs{
Mode: pulumi.String(dbforpostgresql.PostgreSqlFlexibleServerHighAvailabilityModeSameZone),
},
Location: pulumi.String("eastus"),
Network: &dbforpostgresql.NetworkArgs{
DelegatedSubnetResourceId: pulumi.String("/subscriptions/ffffffff-ffff-ffff-ffff-ffffffffffff/resourceGroups/exampleresourcegroup/providers/Microsoft.Network/virtualNetworks/examplevirtualnetwork/subnets/examplesubnet"),
PrivateDnsZoneArmResourceId: pulumi.String("/subscriptions/ffffffff-ffff-ffff-ffff-ffffffffffff/resourceGroups/exampleresourcegroup/providers/Microsoft.Network/privateDnsZones/exampleprivatednszone.private.postgres.database"),
},
ResourceGroupName: pulumi.String("exampleresourcegroup"),
ServerName: pulumi.String("exampleserver"),
Sku: &dbforpostgresql.SkuArgs{
Name: pulumi.String("Standard_D4ds_v5"),
Tier: pulumi.String(dbforpostgresql.SkuTierGeneralPurpose),
},
Storage: &dbforpostgresql.StorageArgs{
AutoGrow: pulumi.String(dbforpostgresql.StorageAutoGrowDisabled),
StorageSizeGB: pulumi.Int(512),
Tier: pulumi.String(dbforpostgresql.AzureManagedDiskPerformanceTierP20),
},
Tags: pulumi.StringMap{
"InCustomerVnet": pulumi.String("true"),
"InMicrosoftVnet": pulumi.String("false"),
},
Version: pulumi.String(dbforpostgresql.PostgresMajorVersion_17),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;
return await Deployment.RunAsync(() =>
{
var server = new AzureNative.DBforPostgreSQL.Server("server", new()
{
AdministratorLogin = "exampleadministratorlogin",
AdministratorLoginPassword = "examplepassword",
AvailabilityZone = "1",
Backup = new AzureNative.DBforPostgreSQL.Inputs.BackupArgs
{
BackupRetentionDays = 7,
GeoRedundantBackup = AzureNative.DBforPostgreSQL.GeographicallyRedundantBackup.Enabled,
},
CreateMode = AzureNative.DBforPostgreSQL.CreateMode.Create,
HighAvailability = new AzureNative.DBforPostgreSQL.Inputs.HighAvailabilityArgs
{
Mode = AzureNative.DBforPostgreSQL.PostgreSqlFlexibleServerHighAvailabilityMode.SameZone,
},
Location = "eastus",
Network = new AzureNative.DBforPostgreSQL.Inputs.NetworkArgs
{
DelegatedSubnetResourceId = "/subscriptions/ffffffff-ffff-ffff-ffff-ffffffffffff/resourceGroups/exampleresourcegroup/providers/Microsoft.Network/virtualNetworks/examplevirtualnetwork/subnets/examplesubnet",
PrivateDnsZoneArmResourceId = "/subscriptions/ffffffff-ffff-ffff-ffff-ffffffffffff/resourceGroups/exampleresourcegroup/providers/Microsoft.Network/privateDnsZones/exampleprivatednszone.private.postgres.database",
},
ResourceGroupName = "exampleresourcegroup",
ServerName = "exampleserver",
Sku = new AzureNative.DBforPostgreSQL.Inputs.SkuArgs
{
Name = "Standard_D4ds_v5",
Tier = AzureNative.DBforPostgreSQL.SkuTier.GeneralPurpose,
},
Storage = new AzureNative.DBforPostgreSQL.Inputs.StorageArgs
{
AutoGrow = AzureNative.DBforPostgreSQL.StorageAutoGrow.Disabled,
StorageSizeGB = 512,
Tier = AzureNative.DBforPostgreSQL.AzureManagedDiskPerformanceTier.P20,
},
Tags =
{
{ "InCustomerVnet", "true" },
{ "InMicrosoftVnet", "false" },
},
Version = AzureNative.DBforPostgreSQL.PostgresMajorVersion.PostgresMajorVersion_17,
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.dbforpostgresql.Server;
import com.pulumi.azurenative.dbforpostgresql.ServerArgs;
import com.pulumi.azurenative.dbforpostgresql.inputs.BackupArgs;
import com.pulumi.azurenative.dbforpostgresql.inputs.HighAvailabilityArgs;
import com.pulumi.azurenative.dbforpostgresql.inputs.NetworkArgs;
import com.pulumi.azurenative.dbforpostgresql.inputs.SkuArgs;
import com.pulumi.azurenative.dbforpostgresql.inputs.StorageArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var server = new Server("server", ServerArgs.builder()
.administratorLogin("exampleadministratorlogin")
.administratorLoginPassword("examplepassword")
.availabilityZone("1")
.backup(BackupArgs.builder()
.backupRetentionDays(7)
.geoRedundantBackup("Enabled")
.build())
.createMode("Create")
.highAvailability(HighAvailabilityArgs.builder()
.mode("SameZone")
.build())
.location("eastus")
.network(NetworkArgs.builder()
.delegatedSubnetResourceId("/subscriptions/ffffffff-ffff-ffff-ffff-ffffffffffff/resourceGroups/exampleresourcegroup/providers/Microsoft.Network/virtualNetworks/examplevirtualnetwork/subnets/examplesubnet")
.privateDnsZoneArmResourceId("/subscriptions/ffffffff-ffff-ffff-ffff-ffffffffffff/resourceGroups/exampleresourcegroup/providers/Microsoft.Network/privateDnsZones/exampleprivatednszone.private.postgres.database")
.build())
.resourceGroupName("exampleresourcegroup")
.serverName("exampleserver")
.sku(SkuArgs.builder()
.name("Standard_D4ds_v5")
.tier("GeneralPurpose")
.build())
.storage(StorageArgs.builder()
.autoGrow("Disabled")
.storageSizeGB(512)
.tier("P20")
.build())
.tags(Map.ofEntries(
Map.entry("InCustomerVnet", "true"),
Map.entry("InMicrosoftVnet", "false")
))
.version("17")
.build());
}
}
resources:
server:
type: azure-native:dbforpostgresql:Server
properties:
administratorLogin: exampleadministratorlogin
administratorLoginPassword: examplepassword
availabilityZone: '1'
backup:
backupRetentionDays: 7
geoRedundantBackup: Enabled
createMode: Create
highAvailability:
mode: SameZone
location: eastus
network:
delegatedSubnetResourceId: /subscriptions/ffffffff-ffff-ffff-ffff-ffffffffffff/resourceGroups/exampleresourcegroup/providers/Microsoft.Network/virtualNetworks/examplevirtualnetwork/subnets/examplesubnet
privateDnsZoneArmResourceId: /subscriptions/ffffffff-ffff-ffff-ffff-ffffffffffff/resourceGroups/exampleresourcegroup/providers/Microsoft.Network/privateDnsZones/exampleprivatednszone.private.postgres.database
resourceGroupName: exampleresourcegroup
serverName: exampleserver
sku:
name: Standard_D4ds_v5
tier: GeneralPurpose
storage:
autoGrow: Disabled
storageSizeGB: 512
tier: P20
tags:
InCustomerVnet: 'true'
InMicrosoftVnet: 'false'
version: '17'
The network property controls connectivity. Setting delegatedSubnetResourceId places the server in a specific subnet (which must be delegated to Microsoft.DBforPostgreSQL/flexibleServers). The privateDnsZoneArmResourceId links the server to a private DNS zone for name resolution within the VNet. Setting publicNetworkAccess to Disabled blocks internet access entirely.
Restore from a point-in-time backup
When data corruption or accidental deletion occurs, point-in-time restore creates a new server from an existing server’s backup history.
import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";
const server = new azure_native.dbforpostgresql.Server("server", {
createMode: azure_native.dbforpostgresql.CreateMode.PointInTimeRestore,
location: "eastus",
pointInTimeUTC: "2025-06-01T18:35:22.123456Z",
resourceGroupName: "exampleresourcegroup",
serverName: "exampleserver",
sourceServerResourceId: "/subscriptions/ffffffff-ffff-ffff-ffff-ffffffffffff/resourceGroups/exampleresourcegroup/providers/Microsoft.DBforPostgreSQL/flexibleServers/examplesourceserver",
});
import pulumi
import pulumi_azure_native as azure_native
server = azure_native.dbforpostgresql.Server("server",
create_mode=azure_native.dbforpostgresql.CreateMode.POINT_IN_TIME_RESTORE,
location="eastus",
point_in_time_utc="2025-06-01T18:35:22.123456Z",
resource_group_name="exampleresourcegroup",
server_name="exampleserver",
source_server_resource_id="/subscriptions/ffffffff-ffff-ffff-ffff-ffffffffffff/resourceGroups/exampleresourcegroup/providers/Microsoft.DBforPostgreSQL/flexibleServers/examplesourceserver")
package main
import (
dbforpostgresql "github.com/pulumi/pulumi-azure-native-sdk/dbforpostgresql/v3"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := dbforpostgresql.NewServer(ctx, "server", &dbforpostgresql.ServerArgs{
CreateMode: pulumi.String(dbforpostgresql.CreateModePointInTimeRestore),
Location: pulumi.String("eastus"),
PointInTimeUTC: pulumi.String("2025-06-01T18:35:22.123456Z"),
ResourceGroupName: pulumi.String("exampleresourcegroup"),
ServerName: pulumi.String("exampleserver"),
SourceServerResourceId: pulumi.String("/subscriptions/ffffffff-ffff-ffff-ffff-ffffffffffff/resourceGroups/exampleresourcegroup/providers/Microsoft.DBforPostgreSQL/flexibleServers/examplesourceserver"),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;
return await Deployment.RunAsync(() =>
{
var server = new AzureNative.DBforPostgreSQL.Server("server", new()
{
CreateMode = AzureNative.DBforPostgreSQL.CreateMode.PointInTimeRestore,
Location = "eastus",
PointInTimeUTC = "2025-06-01T18:35:22.123456Z",
ResourceGroupName = "exampleresourcegroup",
ServerName = "exampleserver",
SourceServerResourceId = "/subscriptions/ffffffff-ffff-ffff-ffff-ffffffffffff/resourceGroups/exampleresourcegroup/providers/Microsoft.DBforPostgreSQL/flexibleServers/examplesourceserver",
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.dbforpostgresql.Server;
import com.pulumi.azurenative.dbforpostgresql.ServerArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var server = new Server("server", ServerArgs.builder()
.createMode("PointInTimeRestore")
.location("eastus")
.pointInTimeUTC("2025-06-01T18:35:22.123456Z")
.resourceGroupName("exampleresourcegroup")
.serverName("exampleserver")
.sourceServerResourceId("/subscriptions/ffffffff-ffff-ffff-ffff-ffffffffffff/resourceGroups/exampleresourcegroup/providers/Microsoft.DBforPostgreSQL/flexibleServers/examplesourceserver")
.build());
}
}
resources:
server:
type: azure-native:dbforpostgresql:Server
properties:
createMode: PointInTimeRestore
location: eastus
pointInTimeUTC: 2025-06-01T18:35:22.123456Z
resourceGroupName: exampleresourcegroup
serverName: exampleserver
sourceServerResourceId: /subscriptions/ffffffff-ffff-ffff-ffff-ffffffffffff/resourceGroups/exampleresourcegroup/providers/Microsoft.DBforPostgreSQL/flexibleServers/examplesourceserver
The createMode property determines how the server is created. Setting it to PointInTimeRestore requires sourceServerResourceId (the server to restore from) and pointInTimeUTC (the exact timestamp to restore to, in ISO8601 format). The new server inherits the source server’s configuration but can be placed in a different region or resource group.
Enable Microsoft Entra authentication
Organizations using Azure Active Directory for identity management can enable Microsoft Entra authentication alongside traditional password authentication, allowing users to authenticate with their Azure AD credentials.
import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";
const server = new azure_native.dbforpostgresql.Server("server", {
administratorLogin: "exampleadministratorlogin",
administratorLoginPassword: "examplepassword",
authConfig: {
activeDirectoryAuth: azure_native.dbforpostgresql.MicrosoftEntraAuth.Enabled,
passwordAuth: azure_native.dbforpostgresql.PasswordBasedAuth.Enabled,
tenantId: "tttttt-tttt-tttt-tttt-tttttttttttt",
},
availabilityZone: "1",
backup: {
backupRetentionDays: 7,
geoRedundantBackup: azure_native.dbforpostgresql.GeographicallyRedundantBackup.Disabled,
},
createMode: azure_native.dbforpostgresql.CreateMode.Create,
dataEncryption: {
type: "SystemManaged",
},
highAvailability: {
mode: azure_native.dbforpostgresql.PostgreSqlFlexibleServerHighAvailabilityMode.Disabled,
},
location: "eastus",
network: {
delegatedSubnetResourceId: "/subscriptions/ffffffff-ffff-ffff-ffff-ffffffffffff/resourceGroups/exampleresourcegroup/providers/Microsoft.Network/virtualNetworks/examplevirtualnetwork/subnets/examplesubnet",
privateDnsZoneArmResourceId: "/subscriptions/ffffffff-ffff-ffff-ffff-ffffffffffff/resourcegroups/exampleresourcegroup/providers/Microsoft.Network/privateDnsZones/exampleprivatednszone.postgres.database.azure.com",
},
resourceGroupName: "exampleresourcegroup",
serverName: "exampleserver",
sku: {
name: "Standard_D4ds_v5",
tier: azure_native.dbforpostgresql.SkuTier.GeneralPurpose,
},
storage: {
autoGrow: azure_native.dbforpostgresql.StorageAutoGrow.Disabled,
storageSizeGB: 512,
tier: azure_native.dbforpostgresql.AzureManagedDiskPerformanceTier.P20,
},
version: azure_native.dbforpostgresql.PostgresMajorVersion.PostgresMajorVersion_17,
});
import pulumi
import pulumi_azure_native as azure_native
server = azure_native.dbforpostgresql.Server("server",
administrator_login="exampleadministratorlogin",
administrator_login_password="examplepassword",
auth_config={
"active_directory_auth": azure_native.dbforpostgresql.MicrosoftEntraAuth.ENABLED,
"password_auth": azure_native.dbforpostgresql.PasswordBasedAuth.ENABLED,
"tenant_id": "tttttt-tttt-tttt-tttt-tttttttttttt",
},
availability_zone="1",
backup={
"backup_retention_days": 7,
"geo_redundant_backup": azure_native.dbforpostgresql.GeographicallyRedundantBackup.DISABLED,
},
create_mode=azure_native.dbforpostgresql.CreateMode.CREATE,
data_encryption={
"type": "SystemManaged",
},
high_availability={
"mode": azure_native.dbforpostgresql.PostgreSqlFlexibleServerHighAvailabilityMode.DISABLED,
},
location="eastus",
network={
"delegated_subnet_resource_id": "/subscriptions/ffffffff-ffff-ffff-ffff-ffffffffffff/resourceGroups/exampleresourcegroup/providers/Microsoft.Network/virtualNetworks/examplevirtualnetwork/subnets/examplesubnet",
"private_dns_zone_arm_resource_id": "/subscriptions/ffffffff-ffff-ffff-ffff-ffffffffffff/resourcegroups/exampleresourcegroup/providers/Microsoft.Network/privateDnsZones/exampleprivatednszone.postgres.database.azure.com",
},
resource_group_name="exampleresourcegroup",
server_name="exampleserver",
sku={
"name": "Standard_D4ds_v5",
"tier": azure_native.dbforpostgresql.SkuTier.GENERAL_PURPOSE,
},
storage={
"auto_grow": azure_native.dbforpostgresql.StorageAutoGrow.DISABLED,
"storage_size_gb": 512,
"tier": azure_native.dbforpostgresql.AzureManagedDiskPerformanceTier.P20,
},
version=azure_native.dbforpostgresql.PostgresMajorVersion.POSTGRES_MAJOR_VERSION_17)
package main
import (
dbforpostgresql "github.com/pulumi/pulumi-azure-native-sdk/dbforpostgresql/v3"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := dbforpostgresql.NewServer(ctx, "server", &dbforpostgresql.ServerArgs{
AdministratorLogin: pulumi.String("exampleadministratorlogin"),
AdministratorLoginPassword: pulumi.String("examplepassword"),
AuthConfig: &dbforpostgresql.AuthConfigArgs{
ActiveDirectoryAuth: pulumi.String(dbforpostgresql.MicrosoftEntraAuthEnabled),
PasswordAuth: pulumi.String(dbforpostgresql.PasswordBasedAuthEnabled),
TenantId: pulumi.String("tttttt-tttt-tttt-tttt-tttttttttttt"),
},
AvailabilityZone: pulumi.String("1"),
Backup: &dbforpostgresql.BackupTypeArgs{
BackupRetentionDays: pulumi.Int(7),
GeoRedundantBackup: pulumi.String(dbforpostgresql.GeographicallyRedundantBackupDisabled),
},
CreateMode: pulumi.String(dbforpostgresql.CreateModeCreate),
DataEncryption: &dbforpostgresql.DataEncryptionArgs{
Type: pulumi.String("SystemManaged"),
},
HighAvailability: &dbforpostgresql.HighAvailabilityArgs{
Mode: pulumi.String(dbforpostgresql.PostgreSqlFlexibleServerHighAvailabilityModeDisabled),
},
Location: pulumi.String("eastus"),
Network: &dbforpostgresql.NetworkArgs{
DelegatedSubnetResourceId: pulumi.String("/subscriptions/ffffffff-ffff-ffff-ffff-ffffffffffff/resourceGroups/exampleresourcegroup/providers/Microsoft.Network/virtualNetworks/examplevirtualnetwork/subnets/examplesubnet"),
PrivateDnsZoneArmResourceId: pulumi.String("/subscriptions/ffffffff-ffff-ffff-ffff-ffffffffffff/resourcegroups/exampleresourcegroup/providers/Microsoft.Network/privateDnsZones/exampleprivatednszone.postgres.database.azure.com"),
},
ResourceGroupName: pulumi.String("exampleresourcegroup"),
ServerName: pulumi.String("exampleserver"),
Sku: &dbforpostgresql.SkuArgs{
Name: pulumi.String("Standard_D4ds_v5"),
Tier: pulumi.String(dbforpostgresql.SkuTierGeneralPurpose),
},
Storage: &dbforpostgresql.StorageArgs{
AutoGrow: pulumi.String(dbforpostgresql.StorageAutoGrowDisabled),
StorageSizeGB: pulumi.Int(512),
Tier: pulumi.String(dbforpostgresql.AzureManagedDiskPerformanceTierP20),
},
Version: pulumi.String(dbforpostgresql.PostgresMajorVersion_17),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;
return await Deployment.RunAsync(() =>
{
var server = new AzureNative.DBforPostgreSQL.Server("server", new()
{
AdministratorLogin = "exampleadministratorlogin",
AdministratorLoginPassword = "examplepassword",
AuthConfig = new AzureNative.DBforPostgreSQL.Inputs.AuthConfigArgs
{
ActiveDirectoryAuth = AzureNative.DBforPostgreSQL.MicrosoftEntraAuth.Enabled,
PasswordAuth = AzureNative.DBforPostgreSQL.PasswordBasedAuth.Enabled,
TenantId = "tttttt-tttt-tttt-tttt-tttttttttttt",
},
AvailabilityZone = "1",
Backup = new AzureNative.DBforPostgreSQL.Inputs.BackupArgs
{
BackupRetentionDays = 7,
GeoRedundantBackup = AzureNative.DBforPostgreSQL.GeographicallyRedundantBackup.Disabled,
},
CreateMode = AzureNative.DBforPostgreSQL.CreateMode.Create,
DataEncryption = new AzureNative.DBforPostgreSQL.Inputs.DataEncryptionArgs
{
Type = "SystemManaged",
},
HighAvailability = new AzureNative.DBforPostgreSQL.Inputs.HighAvailabilityArgs
{
Mode = AzureNative.DBforPostgreSQL.PostgreSqlFlexibleServerHighAvailabilityMode.Disabled,
},
Location = "eastus",
Network = new AzureNative.DBforPostgreSQL.Inputs.NetworkArgs
{
DelegatedSubnetResourceId = "/subscriptions/ffffffff-ffff-ffff-ffff-ffffffffffff/resourceGroups/exampleresourcegroup/providers/Microsoft.Network/virtualNetworks/examplevirtualnetwork/subnets/examplesubnet",
PrivateDnsZoneArmResourceId = "/subscriptions/ffffffff-ffff-ffff-ffff-ffffffffffff/resourcegroups/exampleresourcegroup/providers/Microsoft.Network/privateDnsZones/exampleprivatednszone.postgres.database.azure.com",
},
ResourceGroupName = "exampleresourcegroup",
ServerName = "exampleserver",
Sku = new AzureNative.DBforPostgreSQL.Inputs.SkuArgs
{
Name = "Standard_D4ds_v5",
Tier = AzureNative.DBforPostgreSQL.SkuTier.GeneralPurpose,
},
Storage = new AzureNative.DBforPostgreSQL.Inputs.StorageArgs
{
AutoGrow = AzureNative.DBforPostgreSQL.StorageAutoGrow.Disabled,
StorageSizeGB = 512,
Tier = AzureNative.DBforPostgreSQL.AzureManagedDiskPerformanceTier.P20,
},
Version = AzureNative.DBforPostgreSQL.PostgresMajorVersion.PostgresMajorVersion_17,
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.dbforpostgresql.Server;
import com.pulumi.azurenative.dbforpostgresql.ServerArgs;
import com.pulumi.azurenative.dbforpostgresql.inputs.AuthConfigArgs;
import com.pulumi.azurenative.dbforpostgresql.inputs.BackupArgs;
import com.pulumi.azurenative.dbforpostgresql.inputs.DataEncryptionArgs;
import com.pulumi.azurenative.dbforpostgresql.inputs.HighAvailabilityArgs;
import com.pulumi.azurenative.dbforpostgresql.inputs.NetworkArgs;
import com.pulumi.azurenative.dbforpostgresql.inputs.SkuArgs;
import com.pulumi.azurenative.dbforpostgresql.inputs.StorageArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var server = new Server("server", ServerArgs.builder()
.administratorLogin("exampleadministratorlogin")
.administratorLoginPassword("examplepassword")
.authConfig(AuthConfigArgs.builder()
.activeDirectoryAuth("Enabled")
.passwordAuth("Enabled")
.tenantId("tttttt-tttt-tttt-tttt-tttttttttttt")
.build())
.availabilityZone("1")
.backup(BackupArgs.builder()
.backupRetentionDays(7)
.geoRedundantBackup("Disabled")
.build())
.createMode("Create")
.dataEncryption(DataEncryptionArgs.builder()
.type("SystemManaged")
.build())
.highAvailability(HighAvailabilityArgs.builder()
.mode("Disabled")
.build())
.location("eastus")
.network(NetworkArgs.builder()
.delegatedSubnetResourceId("/subscriptions/ffffffff-ffff-ffff-ffff-ffffffffffff/resourceGroups/exampleresourcegroup/providers/Microsoft.Network/virtualNetworks/examplevirtualnetwork/subnets/examplesubnet")
.privateDnsZoneArmResourceId("/subscriptions/ffffffff-ffff-ffff-ffff-ffffffffffff/resourcegroups/exampleresourcegroup/providers/Microsoft.Network/privateDnsZones/exampleprivatednszone.postgres.database.azure.com")
.build())
.resourceGroupName("exampleresourcegroup")
.serverName("exampleserver")
.sku(SkuArgs.builder()
.name("Standard_D4ds_v5")
.tier("GeneralPurpose")
.build())
.storage(StorageArgs.builder()
.autoGrow("Disabled")
.storageSizeGB(512)
.tier("P20")
.build())
.version("17")
.build());
}
}
resources:
server:
type: azure-native:dbforpostgresql:Server
properties:
administratorLogin: exampleadministratorlogin
administratorLoginPassword: examplepassword
authConfig:
activeDirectoryAuth: Enabled
passwordAuth: Enabled
tenantId: tttttt-tttt-tttt-tttt-tttttttttttt
availabilityZone: '1'
backup:
backupRetentionDays: 7
geoRedundantBackup: Disabled
createMode: Create
dataEncryption:
type: SystemManaged
highAvailability:
mode: Disabled
location: eastus
network:
delegatedSubnetResourceId: /subscriptions/ffffffff-ffff-ffff-ffff-ffffffffffff/resourceGroups/exampleresourcegroup/providers/Microsoft.Network/virtualNetworks/examplevirtualnetwork/subnets/examplesubnet
privateDnsZoneArmResourceId: /subscriptions/ffffffff-ffff-ffff-ffff-ffffffffffff/resourcegroups/exampleresourcegroup/providers/Microsoft.Network/privateDnsZones/exampleprivatednszone.postgres.database.azure.com
resourceGroupName: exampleresourcegroup
serverName: exampleserver
sku:
name: Standard_D4ds_v5
tier: GeneralPurpose
storage:
autoGrow: Disabled
storageSizeGB: 512
tier: P20
version: '17'
The authConfig property controls authentication methods. Setting activeDirectoryAuth to Enabled allows Azure AD users to connect; passwordAuth controls whether traditional username/password authentication is allowed. The tenantId specifies which Azure AD tenant to use. Both authentication methods can be enabled simultaneously.
Encrypt with customer-managed keys and auto-rotation
Compliance requirements often mandate customer-managed encryption keys stored in Azure Key Vault. Automatic key version update allows the server to use the latest key version without manual intervention when keys are rotated.
import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";
const server = new azure_native.dbforpostgresql.Server("server", {
administratorLogin: "exampleadministratorlogin",
administratorLoginPassword: "examplepassword",
availabilityZone: "1",
backup: {
backupRetentionDays: 7,
geoRedundantBackup: azure_native.dbforpostgresql.GeographicallyRedundantBackup.Disabled,
},
createMode: azure_native.dbforpostgresql.CreateMode.Create,
dataEncryption: {
geoBackupKeyURI: "",
geoBackupUserAssignedIdentityId: "",
primaryKeyURI: "https://exampleprimarykeyvault.vault.azure.net/keys/examplekey",
primaryUserAssignedIdentityId: "/subscriptions/ffffffff-ffff-ffff-ffff-ffffffffffff/resourceGroups/exampleresourcegroup/providers/Microsoft.ManagedIdentity/userAssignedIdentities/exampleprimaryidentity",
type: azure_native.dbforpostgresql.DataEncryptionType.AzureKeyVault,
},
highAvailability: {
mode: azure_native.dbforpostgresql.PostgreSqlFlexibleServerHighAvailabilityMode.ZoneRedundant,
},
identity: {
type: azure_native.dbforpostgresql.IdentityType.UserAssigned,
userAssignedIdentities: {
"/subscriptions/ffffffff-ffff-ffff-ffff-ffffffffffff/resourceGroups/exampleresourcegroup/providers/Microsoft.ManagedIdentity/userAssignedIdentities/exampleprimaryidentity": {},
},
},
location: "eastus",
network: {
delegatedSubnetResourceId: "/subscriptions/ffffffff-ffff-ffff-ffff-ffffffffffff/resourceGroups/exampleresourcegroup/providers/Microsoft.Network/virtualNetworks/examplevirtualnetwork/subnets/examplesubnet",
privateDnsZoneArmResourceId: "/subscriptions/ffffffff-ffff-ffff-ffff-ffffffffffff/resourcegroups/exampleresourcegroup/providers/Microsoft.Network/privateDnsZones/exampleprivatednszone.postgres.database.azure.com",
},
resourceGroupName: "exampleresourcegroup",
serverName: "exampleserver",
sku: {
name: "Standard_D4ds_v5",
tier: azure_native.dbforpostgresql.SkuTier.GeneralPurpose,
},
storage: {
autoGrow: azure_native.dbforpostgresql.StorageAutoGrow.Disabled,
storageSizeGB: 512,
tier: azure_native.dbforpostgresql.AzureManagedDiskPerformanceTier.P20,
},
version: azure_native.dbforpostgresql.PostgresMajorVersion.PostgresMajorVersion_17,
});
import pulumi
import pulumi_azure_native as azure_native
server = azure_native.dbforpostgresql.Server("server",
administrator_login="exampleadministratorlogin",
administrator_login_password="examplepassword",
availability_zone="1",
backup={
"backup_retention_days": 7,
"geo_redundant_backup": azure_native.dbforpostgresql.GeographicallyRedundantBackup.DISABLED,
},
create_mode=azure_native.dbforpostgresql.CreateMode.CREATE,
data_encryption={
"geo_backup_key_uri": "",
"geo_backup_user_assigned_identity_id": "",
"primary_key_uri": "https://exampleprimarykeyvault.vault.azure.net/keys/examplekey",
"primary_user_assigned_identity_id": "/subscriptions/ffffffff-ffff-ffff-ffff-ffffffffffff/resourceGroups/exampleresourcegroup/providers/Microsoft.ManagedIdentity/userAssignedIdentities/exampleprimaryidentity",
"type": azure_native.dbforpostgresql.DataEncryptionType.AZURE_KEY_VAULT,
},
high_availability={
"mode": azure_native.dbforpostgresql.PostgreSqlFlexibleServerHighAvailabilityMode.ZONE_REDUNDANT,
},
identity={
"type": azure_native.dbforpostgresql.IdentityType.USER_ASSIGNED,
"user_assigned_identities": {
"/subscriptions/ffffffff-ffff-ffff-ffff-ffffffffffff/resourceGroups/exampleresourcegroup/providers/Microsoft.ManagedIdentity/userAssignedIdentities/exampleprimaryidentity": {},
},
},
location="eastus",
network={
"delegated_subnet_resource_id": "/subscriptions/ffffffff-ffff-ffff-ffff-ffffffffffff/resourceGroups/exampleresourcegroup/providers/Microsoft.Network/virtualNetworks/examplevirtualnetwork/subnets/examplesubnet",
"private_dns_zone_arm_resource_id": "/subscriptions/ffffffff-ffff-ffff-ffff-ffffffffffff/resourcegroups/exampleresourcegroup/providers/Microsoft.Network/privateDnsZones/exampleprivatednszone.postgres.database.azure.com",
},
resource_group_name="exampleresourcegroup",
server_name="exampleserver",
sku={
"name": "Standard_D4ds_v5",
"tier": azure_native.dbforpostgresql.SkuTier.GENERAL_PURPOSE,
},
storage={
"auto_grow": azure_native.dbforpostgresql.StorageAutoGrow.DISABLED,
"storage_size_gb": 512,
"tier": azure_native.dbforpostgresql.AzureManagedDiskPerformanceTier.P20,
},
version=azure_native.dbforpostgresql.PostgresMajorVersion.POSTGRES_MAJOR_VERSION_17)
package main
import (
dbforpostgresql "github.com/pulumi/pulumi-azure-native-sdk/dbforpostgresql/v3"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := dbforpostgresql.NewServer(ctx, "server", &dbforpostgresql.ServerArgs{
AdministratorLogin: pulumi.String("exampleadministratorlogin"),
AdministratorLoginPassword: pulumi.String("examplepassword"),
AvailabilityZone: pulumi.String("1"),
Backup: &dbforpostgresql.BackupTypeArgs{
BackupRetentionDays: pulumi.Int(7),
GeoRedundantBackup: pulumi.String(dbforpostgresql.GeographicallyRedundantBackupDisabled),
},
CreateMode: pulumi.String(dbforpostgresql.CreateModeCreate),
DataEncryption: &dbforpostgresql.DataEncryptionArgs{
GeoBackupKeyURI: pulumi.String(""),
GeoBackupUserAssignedIdentityId: pulumi.String(""),
PrimaryKeyURI: pulumi.String("https://exampleprimarykeyvault.vault.azure.net/keys/examplekey"),
PrimaryUserAssignedIdentityId: pulumi.String("/subscriptions/ffffffff-ffff-ffff-ffff-ffffffffffff/resourceGroups/exampleresourcegroup/providers/Microsoft.ManagedIdentity/userAssignedIdentities/exampleprimaryidentity"),
Type: pulumi.String(dbforpostgresql.DataEncryptionTypeAzureKeyVault),
},
HighAvailability: &dbforpostgresql.HighAvailabilityArgs{
Mode: pulumi.String(dbforpostgresql.PostgreSqlFlexibleServerHighAvailabilityModeZoneRedundant),
},
Identity: &dbforpostgresql.UserAssignedIdentityArgs{
Type: pulumi.String(dbforpostgresql.IdentityTypeUserAssigned),
UserAssignedIdentities: dbforpostgresql.UserIdentityMap{
"/subscriptions/ffffffff-ffff-ffff-ffff-ffffffffffff/resourceGroups/exampleresourcegroup/providers/Microsoft.ManagedIdentity/userAssignedIdentities/exampleprimaryidentity": &dbforpostgresql.UserIdentityArgs{},
},
},
Location: pulumi.String("eastus"),
Network: &dbforpostgresql.NetworkArgs{
DelegatedSubnetResourceId: pulumi.String("/subscriptions/ffffffff-ffff-ffff-ffff-ffffffffffff/resourceGroups/exampleresourcegroup/providers/Microsoft.Network/virtualNetworks/examplevirtualnetwork/subnets/examplesubnet"),
PrivateDnsZoneArmResourceId: pulumi.String("/subscriptions/ffffffff-ffff-ffff-ffff-ffffffffffff/resourcegroups/exampleresourcegroup/providers/Microsoft.Network/privateDnsZones/exampleprivatednszone.postgres.database.azure.com"),
},
ResourceGroupName: pulumi.String("exampleresourcegroup"),
ServerName: pulumi.String("exampleserver"),
Sku: &dbforpostgresql.SkuArgs{
Name: pulumi.String("Standard_D4ds_v5"),
Tier: pulumi.String(dbforpostgresql.SkuTierGeneralPurpose),
},
Storage: &dbforpostgresql.StorageArgs{
AutoGrow: pulumi.String(dbforpostgresql.StorageAutoGrowDisabled),
StorageSizeGB: pulumi.Int(512),
Tier: pulumi.String(dbforpostgresql.AzureManagedDiskPerformanceTierP20),
},
Version: pulumi.String(dbforpostgresql.PostgresMajorVersion_17),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;
return await Deployment.RunAsync(() =>
{
var server = new AzureNative.DBforPostgreSQL.Server("server", new()
{
AdministratorLogin = "exampleadministratorlogin",
AdministratorLoginPassword = "examplepassword",
AvailabilityZone = "1",
Backup = new AzureNative.DBforPostgreSQL.Inputs.BackupArgs
{
BackupRetentionDays = 7,
GeoRedundantBackup = AzureNative.DBforPostgreSQL.GeographicallyRedundantBackup.Disabled,
},
CreateMode = AzureNative.DBforPostgreSQL.CreateMode.Create,
DataEncryption = new AzureNative.DBforPostgreSQL.Inputs.DataEncryptionArgs
{
GeoBackupKeyURI = "",
GeoBackupUserAssignedIdentityId = "",
PrimaryKeyURI = "https://exampleprimarykeyvault.vault.azure.net/keys/examplekey",
PrimaryUserAssignedIdentityId = "/subscriptions/ffffffff-ffff-ffff-ffff-ffffffffffff/resourceGroups/exampleresourcegroup/providers/Microsoft.ManagedIdentity/userAssignedIdentities/exampleprimaryidentity",
Type = AzureNative.DBforPostgreSQL.DataEncryptionType.AzureKeyVault,
},
HighAvailability = new AzureNative.DBforPostgreSQL.Inputs.HighAvailabilityArgs
{
Mode = AzureNative.DBforPostgreSQL.PostgreSqlFlexibleServerHighAvailabilityMode.ZoneRedundant,
},
Identity = new AzureNative.DBforPostgreSQL.Inputs.UserAssignedIdentityArgs
{
Type = AzureNative.DBforPostgreSQL.IdentityType.UserAssigned,
UserAssignedIdentities =
{
{ "/subscriptions/ffffffff-ffff-ffff-ffff-ffffffffffff/resourceGroups/exampleresourcegroup/providers/Microsoft.ManagedIdentity/userAssignedIdentities/exampleprimaryidentity", null },
},
},
Location = "eastus",
Network = new AzureNative.DBforPostgreSQL.Inputs.NetworkArgs
{
DelegatedSubnetResourceId = "/subscriptions/ffffffff-ffff-ffff-ffff-ffffffffffff/resourceGroups/exampleresourcegroup/providers/Microsoft.Network/virtualNetworks/examplevirtualnetwork/subnets/examplesubnet",
PrivateDnsZoneArmResourceId = "/subscriptions/ffffffff-ffff-ffff-ffff-ffffffffffff/resourcegroups/exampleresourcegroup/providers/Microsoft.Network/privateDnsZones/exampleprivatednszone.postgres.database.azure.com",
},
ResourceGroupName = "exampleresourcegroup",
ServerName = "exampleserver",
Sku = new AzureNative.DBforPostgreSQL.Inputs.SkuArgs
{
Name = "Standard_D4ds_v5",
Tier = AzureNative.DBforPostgreSQL.SkuTier.GeneralPurpose,
},
Storage = new AzureNative.DBforPostgreSQL.Inputs.StorageArgs
{
AutoGrow = AzureNative.DBforPostgreSQL.StorageAutoGrow.Disabled,
StorageSizeGB = 512,
Tier = AzureNative.DBforPostgreSQL.AzureManagedDiskPerformanceTier.P20,
},
Version = AzureNative.DBforPostgreSQL.PostgresMajorVersion.PostgresMajorVersion_17,
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.dbforpostgresql.Server;
import com.pulumi.azurenative.dbforpostgresql.ServerArgs;
import com.pulumi.azurenative.dbforpostgresql.inputs.BackupArgs;
import com.pulumi.azurenative.dbforpostgresql.inputs.DataEncryptionArgs;
import com.pulumi.azurenative.dbforpostgresql.inputs.HighAvailabilityArgs;
import com.pulumi.azurenative.dbforpostgresql.inputs.UserAssignedIdentityArgs;
import com.pulumi.azurenative.dbforpostgresql.inputs.NetworkArgs;
import com.pulumi.azurenative.dbforpostgresql.inputs.SkuArgs;
import com.pulumi.azurenative.dbforpostgresql.inputs.StorageArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var server = new Server("server", ServerArgs.builder()
.administratorLogin("exampleadministratorlogin")
.administratorLoginPassword("examplepassword")
.availabilityZone("1")
.backup(BackupArgs.builder()
.backupRetentionDays(7)
.geoRedundantBackup("Disabled")
.build())
.createMode("Create")
.dataEncryption(DataEncryptionArgs.builder()
.geoBackupKeyURI("")
.geoBackupUserAssignedIdentityId("")
.primaryKeyURI("https://exampleprimarykeyvault.vault.azure.net/keys/examplekey")
.primaryUserAssignedIdentityId("/subscriptions/ffffffff-ffff-ffff-ffff-ffffffffffff/resourceGroups/exampleresourcegroup/providers/Microsoft.ManagedIdentity/userAssignedIdentities/exampleprimaryidentity")
.type("AzureKeyVault")
.build())
.highAvailability(HighAvailabilityArgs.builder()
.mode("ZoneRedundant")
.build())
.identity(UserAssignedIdentityArgs.builder()
.type("UserAssigned")
.userAssignedIdentities(Map.of("/subscriptions/ffffffff-ffff-ffff-ffff-ffffffffffff/resourceGroups/exampleresourcegroup/providers/Microsoft.ManagedIdentity/userAssignedIdentities/exampleprimaryidentity", UserIdentityArgs.builder()
.build()))
.build())
.location("eastus")
.network(NetworkArgs.builder()
.delegatedSubnetResourceId("/subscriptions/ffffffff-ffff-ffff-ffff-ffffffffffff/resourceGroups/exampleresourcegroup/providers/Microsoft.Network/virtualNetworks/examplevirtualnetwork/subnets/examplesubnet")
.privateDnsZoneArmResourceId("/subscriptions/ffffffff-ffff-ffff-ffff-ffffffffffff/resourcegroups/exampleresourcegroup/providers/Microsoft.Network/privateDnsZones/exampleprivatednszone.postgres.database.azure.com")
.build())
.resourceGroupName("exampleresourcegroup")
.serverName("exampleserver")
.sku(SkuArgs.builder()
.name("Standard_D4ds_v5")
.tier("GeneralPurpose")
.build())
.storage(StorageArgs.builder()
.autoGrow("Disabled")
.storageSizeGB(512)
.tier("P20")
.build())
.version("17")
.build());
}
}
resources:
server:
type: azure-native:dbforpostgresql:Server
properties:
administratorLogin: exampleadministratorlogin
administratorLoginPassword: examplepassword
availabilityZone: '1'
backup:
backupRetentionDays: 7
geoRedundantBackup: Disabled
createMode: Create
dataEncryption:
geoBackupKeyURI: ""
geoBackupUserAssignedIdentityId: ""
primaryKeyURI: https://exampleprimarykeyvault.vault.azure.net/keys/examplekey
primaryUserAssignedIdentityId: /subscriptions/ffffffff-ffff-ffff-ffff-ffffffffffff/resourceGroups/exampleresourcegroup/providers/Microsoft.ManagedIdentity/userAssignedIdentities/exampleprimaryidentity
type: AzureKeyVault
highAvailability:
mode: ZoneRedundant
identity:
type: UserAssigned
userAssignedIdentities:
? /subscriptions/ffffffff-ffff-ffff-ffff-ffffffffffff/resourceGroups/exampleresourcegroup/providers/Microsoft.ManagedIdentity/userAssignedIdentities/exampleprimaryidentity
: {}
location: eastus
network:
delegatedSubnetResourceId: /subscriptions/ffffffff-ffff-ffff-ffff-ffffffffffff/resourceGroups/exampleresourcegroup/providers/Microsoft.Network/virtualNetworks/examplevirtualnetwork/subnets/examplesubnet
privateDnsZoneArmResourceId: /subscriptions/ffffffff-ffff-ffff-ffff-ffffffffffff/resourcegroups/exampleresourcegroup/providers/Microsoft.Network/privateDnsZones/exampleprivatednszone.postgres.database.azure.com
resourceGroupName: exampleresourcegroup
serverName: exampleserver
sku:
name: Standard_D4ds_v5
tier: GeneralPurpose
storage:
autoGrow: Disabled
storageSizeGB: 512
tier: P20
version: '17'
The dataEncryption property configures encryption. Setting type to AzureKeyVault enables customer-managed keys. The primaryKeyURI points to a Key Vault key (without a version suffix for auto-rotation). The primaryUserAssignedIdentityId specifies a managed identity with permissions to access the key. The identity property must include this same managed identity in userAssignedIdentities.
Create a read replica for scaling reads
Read-heavy workloads benefit from read replicas that asynchronously replicate data from a primary server, serving read queries and reducing load on the primary.
import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";
const server = new azure_native.dbforpostgresql.Server("server", {
createMode: azure_native.dbforpostgresql.CreateMode.Replica,
dataEncryption: {
geoBackupKeyURI: "",
geoBackupUserAssignedIdentityId: "",
primaryKeyURI: "https://exampleprimarykeyvault.vault.azure.net/keys/examplekey/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
primaryUserAssignedIdentityId: "/subscriptions/ffffffff-ffff-ffff-ffff-ffffffffffff/resourceGroups/exampleresourcegroup/providers/Microsoft.ManagedIdentity/userAssignedIdentities/exampleprimaryidentity",
type: azure_native.dbforpostgresql.DataEncryptionType.AzureKeyVault,
},
identity: {
type: azure_native.dbforpostgresql.IdentityType.UserAssigned,
userAssignedIdentities: {
"/subscriptions/ffffffff-ffff-ffff-ffff-ffffffffffff/resourceGroups/exampleresourcegroup/providers/Microsoft.ManagedIdentity/userAssignedIdentities/exampleprimaryidentity": {},
},
},
location: "eastus",
pointInTimeUTC: "2025-06-01T18:35:22.123456Z",
resourceGroupName: "exampleresourcegroup",
serverName: "exampleserver",
sourceServerResourceId: "/subscriptions/ffffffff-ffff-ffff-ffff-ffffffffffff/resourceGroups/exampleresourcegroup/providers/Microsoft.DBforPostgreSQL/flexibleServers/examplesourceserver",
});
import pulumi
import pulumi_azure_native as azure_native
server = azure_native.dbforpostgresql.Server("server",
create_mode=azure_native.dbforpostgresql.CreateMode.REPLICA,
data_encryption={
"geo_backup_key_uri": "",
"geo_backup_user_assigned_identity_id": "",
"primary_key_uri": "https://exampleprimarykeyvault.vault.azure.net/keys/examplekey/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
"primary_user_assigned_identity_id": "/subscriptions/ffffffff-ffff-ffff-ffff-ffffffffffff/resourceGroups/exampleresourcegroup/providers/Microsoft.ManagedIdentity/userAssignedIdentities/exampleprimaryidentity",
"type": azure_native.dbforpostgresql.DataEncryptionType.AZURE_KEY_VAULT,
},
identity={
"type": azure_native.dbforpostgresql.IdentityType.USER_ASSIGNED,
"user_assigned_identities": {
"/subscriptions/ffffffff-ffff-ffff-ffff-ffffffffffff/resourceGroups/exampleresourcegroup/providers/Microsoft.ManagedIdentity/userAssignedIdentities/exampleprimaryidentity": {},
},
},
location="eastus",
point_in_time_utc="2025-06-01T18:35:22.123456Z",
resource_group_name="exampleresourcegroup",
server_name="exampleserver",
source_server_resource_id="/subscriptions/ffffffff-ffff-ffff-ffff-ffffffffffff/resourceGroups/exampleresourcegroup/providers/Microsoft.DBforPostgreSQL/flexibleServers/examplesourceserver")
package main
import (
dbforpostgresql "github.com/pulumi/pulumi-azure-native-sdk/dbforpostgresql/v3"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := dbforpostgresql.NewServer(ctx, "server", &dbforpostgresql.ServerArgs{
CreateMode: pulumi.String(dbforpostgresql.CreateModeReplica),
DataEncryption: &dbforpostgresql.DataEncryptionArgs{
GeoBackupKeyURI: pulumi.String(""),
GeoBackupUserAssignedIdentityId: pulumi.String(""),
PrimaryKeyURI: pulumi.String("https://exampleprimarykeyvault.vault.azure.net/keys/examplekey/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"),
PrimaryUserAssignedIdentityId: pulumi.String("/subscriptions/ffffffff-ffff-ffff-ffff-ffffffffffff/resourceGroups/exampleresourcegroup/providers/Microsoft.ManagedIdentity/userAssignedIdentities/exampleprimaryidentity"),
Type: pulumi.String(dbforpostgresql.DataEncryptionTypeAzureKeyVault),
},
Identity: &dbforpostgresql.UserAssignedIdentityArgs{
Type: pulumi.String(dbforpostgresql.IdentityTypeUserAssigned),
UserAssignedIdentities: dbforpostgresql.UserIdentityMap{
"/subscriptions/ffffffff-ffff-ffff-ffff-ffffffffffff/resourceGroups/exampleresourcegroup/providers/Microsoft.ManagedIdentity/userAssignedIdentities/exampleprimaryidentity": &dbforpostgresql.UserIdentityArgs{},
},
},
Location: pulumi.String("eastus"),
PointInTimeUTC: pulumi.String("2025-06-01T18:35:22.123456Z"),
ResourceGroupName: pulumi.String("exampleresourcegroup"),
ServerName: pulumi.String("exampleserver"),
SourceServerResourceId: pulumi.String("/subscriptions/ffffffff-ffff-ffff-ffff-ffffffffffff/resourceGroups/exampleresourcegroup/providers/Microsoft.DBforPostgreSQL/flexibleServers/examplesourceserver"),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;
return await Deployment.RunAsync(() =>
{
var server = new AzureNative.DBforPostgreSQL.Server("server", new()
{
CreateMode = AzureNative.DBforPostgreSQL.CreateMode.Replica,
DataEncryption = new AzureNative.DBforPostgreSQL.Inputs.DataEncryptionArgs
{
GeoBackupKeyURI = "",
GeoBackupUserAssignedIdentityId = "",
PrimaryKeyURI = "https://exampleprimarykeyvault.vault.azure.net/keys/examplekey/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
PrimaryUserAssignedIdentityId = "/subscriptions/ffffffff-ffff-ffff-ffff-ffffffffffff/resourceGroups/exampleresourcegroup/providers/Microsoft.ManagedIdentity/userAssignedIdentities/exampleprimaryidentity",
Type = AzureNative.DBforPostgreSQL.DataEncryptionType.AzureKeyVault,
},
Identity = new AzureNative.DBforPostgreSQL.Inputs.UserAssignedIdentityArgs
{
Type = AzureNative.DBforPostgreSQL.IdentityType.UserAssigned,
UserAssignedIdentities =
{
{ "/subscriptions/ffffffff-ffff-ffff-ffff-ffffffffffff/resourceGroups/exampleresourcegroup/providers/Microsoft.ManagedIdentity/userAssignedIdentities/exampleprimaryidentity", null },
},
},
Location = "eastus",
PointInTimeUTC = "2025-06-01T18:35:22.123456Z",
ResourceGroupName = "exampleresourcegroup",
ServerName = "exampleserver",
SourceServerResourceId = "/subscriptions/ffffffff-ffff-ffff-ffff-ffffffffffff/resourceGroups/exampleresourcegroup/providers/Microsoft.DBforPostgreSQL/flexibleServers/examplesourceserver",
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.dbforpostgresql.Server;
import com.pulumi.azurenative.dbforpostgresql.ServerArgs;
import com.pulumi.azurenative.dbforpostgresql.inputs.DataEncryptionArgs;
import com.pulumi.azurenative.dbforpostgresql.inputs.UserAssignedIdentityArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var server = new Server("server", ServerArgs.builder()
.createMode("Replica")
.dataEncryption(DataEncryptionArgs.builder()
.geoBackupKeyURI("")
.geoBackupUserAssignedIdentityId("")
.primaryKeyURI("https://exampleprimarykeyvault.vault.azure.net/keys/examplekey/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx")
.primaryUserAssignedIdentityId("/subscriptions/ffffffff-ffff-ffff-ffff-ffffffffffff/resourceGroups/exampleresourcegroup/providers/Microsoft.ManagedIdentity/userAssignedIdentities/exampleprimaryidentity")
.type("AzureKeyVault")
.build())
.identity(UserAssignedIdentityArgs.builder()
.type("UserAssigned")
.userAssignedIdentities(Map.of("/subscriptions/ffffffff-ffff-ffff-ffff-ffffffffffff/resourceGroups/exampleresourcegroup/providers/Microsoft.ManagedIdentity/userAssignedIdentities/exampleprimaryidentity", UserIdentityArgs.builder()
.build()))
.build())
.location("eastus")
.pointInTimeUTC("2025-06-01T18:35:22.123456Z")
.resourceGroupName("exampleresourcegroup")
.serverName("exampleserver")
.sourceServerResourceId("/subscriptions/ffffffff-ffff-ffff-ffff-ffffffffffff/resourceGroups/exampleresourcegroup/providers/Microsoft.DBforPostgreSQL/flexibleServers/examplesourceserver")
.build());
}
}
resources:
server:
type: azure-native:dbforpostgresql:Server
properties:
createMode: Replica
dataEncryption:
geoBackupKeyURI: ""
geoBackupUserAssignedIdentityId: ""
primaryKeyURI: https://exampleprimarykeyvault.vault.azure.net/keys/examplekey/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
primaryUserAssignedIdentityId: /subscriptions/ffffffff-ffff-ffff-ffff-ffffffffffff/resourceGroups/exampleresourcegroup/providers/Microsoft.ManagedIdentity/userAssignedIdentities/exampleprimaryidentity
type: AzureKeyVault
identity:
type: UserAssigned
userAssignedIdentities:
? /subscriptions/ffffffff-ffff-ffff-ffff-ffffffffffff/resourceGroups/exampleresourcegroup/providers/Microsoft.ManagedIdentity/userAssignedIdentities/exampleprimaryidentity
: {}
location: eastus
pointInTimeUTC: 2025-06-01T18:35:22.123456Z
resourceGroupName: exampleresourcegroup
serverName: exampleserver
sourceServerResourceId: /subscriptions/ffffffff-ffff-ffff-ffff-ffffffffffff/resourceGroups/exampleresourcegroup/providers/Microsoft.DBforPostgreSQL/flexibleServers/examplesourceserver
Setting createMode to Replica creates a read-only copy of the source server specified by sourceServerResourceId. The replica asynchronously receives changes from the primary and can serve read queries. Replicas inherit most configuration from the source but can use different compute tiers or be placed in different regions for geographic distribution.
Beyond these examples
These snippets focus on specific server-level features: high availability modes, network isolation and VNet integration, backup and restore operations, authentication methods, encryption with customer-managed keys, and read replicas for scaling. They’re intentionally minimal rather than full database deployments.
The examples may reference pre-existing infrastructure such as virtual networks, subnets, and private DNS zones for VNet integration, Azure Key Vault and encryption keys for customer-managed encryption, user-assigned managed identities for Key Vault access, and source servers for restore and replica operations. They focus on configuring the server rather than provisioning everything around it.
To keep things focused, common server patterns are omitted, including:
- Elastic cluster configuration (cluster property with clusterSize, defaultDatabaseName)
- Geo-restore operations (GeoRestore createMode with geo-redundant backups)
- Storage configuration details (autoGrow, storageSizeGB, tier)
- Maintenance window scheduling
- Server SKU selection and compute tier tuning
- Revive dropped server operations
These omissions are intentional: the goal is to illustrate how each server feature is wired, not provide drop-in database modules. See the PostgreSQL Server resource reference for all available configuration options.
Let's deploy Azure Database for PostgreSQL Servers
Get started with Pulumi Cloud, then follow our quick setup guide to deploy this infrastructure.
Try Pulumi Cloud for FREEFrequently Asked Questions
Server Creation & Restore
What are the different server creation modes?
You can create a server using five modes:
- Create - New server from scratch
- PointInTimeRestore - Restore from a backup at a specific time
- GeoRestore - Restore from a geo-redundant backup
- ReviveDropped - Recover a recently deleted server
- Replica - Create a read replica of an existing server
How do I restore a server from a point-in-time backup?
Set
createMode to PointInTimeRestore, provide sourceServerResourceId, and specify pointInTimeUTC with the desired restore time.How do I revive a deleted server?
Set
createMode to ReviveDropped, provide sourceServerResourceId of the deleted server, and specify pointInTimeUTC.High Availability & Zones
What's the difference between ZoneRedundant and SameZone high availability?
ZoneRedundant deploys the standby replica in a different availability zone for better resilience, while SameZone deploys it in the same zone as the primary.Can I change the availability zone after server creation?
No,
availabilityZone is immutable and cannot be changed after the server is created.Networking & Connectivity
How do I integrate my server with a VNet?
Configure both
network.delegatedSubnetResourceId (subnet ID) and network.privateDnsZoneArmResourceId (private DNS zone ID). Both are required for VNet integration.Can I switch between public and private network access after creation?
You can change
network.publicNetworkAccess between Enabled and Disabled, but VNet integration properties (delegatedSubnetResourceId, privateDnsZoneArmResourceId) cannot be changed after creation.Security & Encryption
How do I enable customer-managed encryption keys?
Set
dataEncryption.type to AzureKeyVault, provide primaryKeyURI and primaryUserAssignedIdentityId, and configure identity with type set to UserAssigned.How do I enable Microsoft Entra authentication?
Configure
authConfig with activeDirectoryAuth set to Enabled, passwordAuth as needed, and provide your tenantId.Backup & Recovery
How do I enable geo-redundant backups?
Set
backup.geoRedundantBackup to Enabled. This allows you to restore the server in a different region using createMode set to GeoRestore.Storage Configuration
What storage options are available?
Configure
storage.storageSizeGB (e.g., 256, 512), storage.tier (performance tier like P15, P20), and storage.autoGrow (Enabled or Disabled).Immutability & Limitations
What properties can't be changed after server creation?
The following properties are immutable:
location, administratorLogin, availabilityZone, resourceGroupName, serverName, sourceServerResourceId, and pointInTimeUTC.