Deploy Azure SQL Managed Databases

The azure-native:sql:ManagedDatabase resource, part of the Pulumi Azure Native provider, defines a database within an Azure SQL Managed Instance: its creation method, restore source, and configuration. This guide focuses on four capabilities: creating new databases, restoring from external backups, point-in-time and cross-subscription restore, and geo-replicated backup recovery.

Managed databases require an existing managed instance and may reference storage accounts, backup files, or source databases depending on the creation mode. The examples are intentionally small. Combine them with your own managed instances, backup strategies, and disaster recovery plans.

Create a new database on a managed instance

Most deployments start by creating a new database on an existing managed instance with basic configuration.

import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";

const managedDatabase = new azure_native.sql.ManagedDatabase("managedDatabase", {
    databaseName: "managedDatabase",
    location: "southeastasia",
    managedInstanceName: "managedInstance",
    resourceGroupName: "Default-SQL-SouthEastAsia",
});

import pulumi
import pulumi_azure_native as azure_native

managed_database = azure_native.sql.ManagedDatabase("managedDatabase",
    database_name="managedDatabase",
    location="southeastasia",
    managed_instance_name="managedInstance",
    resource_group_name="Default-SQL-SouthEastAsia")

package main

import (
	sql "github.com/pulumi/pulumi-azure-native-sdk/sql/v3"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := sql.NewManagedDatabase(ctx, "managedDatabase", &sql.ManagedDatabaseArgs{
			DatabaseName:        pulumi.String("managedDatabase"),
			Location:            pulumi.String("southeastasia"),
			ManagedInstanceName: pulumi.String("managedInstance"),
			ResourceGroupName:   pulumi.String("Default-SQL-SouthEastAsia"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;

return await Deployment.RunAsync(() => 
{
    var managedDatabase = new AzureNative.Sql.ManagedDatabase("managedDatabase", new()
    {
        DatabaseName = "managedDatabase",
        Location = "southeastasia",
        ManagedInstanceName = "managedInstance",
        ResourceGroupName = "Default-SQL-SouthEastAsia",
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.sql.ManagedDatabase;
import com.pulumi.azurenative.sql.ManagedDatabaseArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var managedDatabase = new ManagedDatabase("managedDatabase", ManagedDatabaseArgs.builder()
            .databaseName("managedDatabase")
            .location("southeastasia")
            .managedInstanceName("managedInstance")
            .resourceGroupName("Default-SQL-SouthEastAsia")
            .build());

    }
}

resources:
  managedDatabase:
    type: azure-native:sql:ManagedDatabase
    properties:
      databaseName: managedDatabase
      location: southeastasia
      managedInstanceName: managedInstance
      resourceGroupName: Default-SQL-SouthEastAsia

The databaseName property sets the database identifier. The managedInstanceName references the parent managed instance that must already exist. Without specifying createMode, the database is created empty with default collation and settings.

Restore from external backup with SAS token authentication

Teams migrating from on-premises SQL Server often restore databases from backup files stored in Azure Blob Storage.

import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";

const managedDatabase = new azure_native.sql.ManagedDatabase("managedDatabase", {
    autoCompleteRestore: true,
    collation: "SQL_Latin1_General_CP1_CI_AS",
    createMode: azure_native.sql.ManagedDatabaseCreateMode.RestoreExternalBackup,
    databaseName: "managedDatabase",
    lastBackupName: "last_backup_name",
    location: "southeastasia",
    managedInstanceName: "managedInstance",
    resourceGroupName: "Default-SQL-SouthEastAsia",
    storageContainerSasToken: "sv=2015-12-11&sr=c&sp=rl&sig=1234",
    storageContainerUri: "https://myaccountname.blob.core.windows.net/backups",
});

import pulumi
import pulumi_azure_native as azure_native

managed_database = azure_native.sql.ManagedDatabase("managedDatabase",
    auto_complete_restore=True,
    collation="SQL_Latin1_General_CP1_CI_AS",
    create_mode=azure_native.sql.ManagedDatabaseCreateMode.RESTORE_EXTERNAL_BACKUP,
    database_name="managedDatabase",
    last_backup_name="last_backup_name",
    location="southeastasia",
    managed_instance_name="managedInstance",
    resource_group_name="Default-SQL-SouthEastAsia",
    storage_container_sas_token="sv=2015-12-11&sr=c&sp=rl&sig=1234",
    storage_container_uri="https://myaccountname.blob.core.windows.net/backups")

package main

import (
	sql "github.com/pulumi/pulumi-azure-native-sdk/sql/v3"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := sql.NewManagedDatabase(ctx, "managedDatabase", &sql.ManagedDatabaseArgs{
			AutoCompleteRestore:      pulumi.Bool(true),
			Collation:                pulumi.String("SQL_Latin1_General_CP1_CI_AS"),
			CreateMode:               pulumi.String(sql.ManagedDatabaseCreateModeRestoreExternalBackup),
			DatabaseName:             pulumi.String("managedDatabase"),
			LastBackupName:           pulumi.String("last_backup_name"),
			Location:                 pulumi.String("southeastasia"),
			ManagedInstanceName:      pulumi.String("managedInstance"),
			ResourceGroupName:        pulumi.String("Default-SQL-SouthEastAsia"),
			StorageContainerSasToken: pulumi.String("sv=2015-12-11&sr=c&sp=rl&sig=1234"),
			StorageContainerUri:      pulumi.String("https://myaccountname.blob.core.windows.net/backups"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;

return await Deployment.RunAsync(() => 
{
    var managedDatabase = new AzureNative.Sql.ManagedDatabase("managedDatabase", new()
    {
        AutoCompleteRestore = true,
        Collation = "SQL_Latin1_General_CP1_CI_AS",
        CreateMode = AzureNative.Sql.ManagedDatabaseCreateMode.RestoreExternalBackup,
        DatabaseName = "managedDatabase",
        LastBackupName = "last_backup_name",
        Location = "southeastasia",
        ManagedInstanceName = "managedInstance",
        ResourceGroupName = "Default-SQL-SouthEastAsia",
        StorageContainerSasToken = "sv=2015-12-11&sr=c&sp=rl&sig=1234",
        StorageContainerUri = "https://myaccountname.blob.core.windows.net/backups",
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.sql.ManagedDatabase;
import com.pulumi.azurenative.sql.ManagedDatabaseArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var managedDatabase = new ManagedDatabase("managedDatabase", ManagedDatabaseArgs.builder()
            .autoCompleteRestore(true)
            .collation("SQL_Latin1_General_CP1_CI_AS")
            .createMode("RestoreExternalBackup")
            .databaseName("managedDatabase")
            .lastBackupName("last_backup_name")
            .location("southeastasia")
            .managedInstanceName("managedInstance")
            .resourceGroupName("Default-SQL-SouthEastAsia")
            .storageContainerSasToken("sv=2015-12-11&sr=c&sp=rl&sig=1234")
            .storageContainerUri("https://myaccountname.blob.core.windows.net/backups")
            .build());

    }
}

resources:
  managedDatabase:
    type: azure-native:sql:ManagedDatabase
    properties:
      autoCompleteRestore: true
      collation: SQL_Latin1_General_CP1_CI_AS
      createMode: RestoreExternalBackup
      databaseName: managedDatabase
      lastBackupName: last_backup_name
      location: southeastasia
      managedInstanceName: managedInstance
      resourceGroupName: Default-SQL-SouthEastAsia
      storageContainerSasToken: sv=2015-12-11&sr=c&sp=rl&sig=1234
      storageContainerUri: https://myaccountname.blob.core.windows.net/backups

The createMode property set to RestoreExternalBackup tells Azure to restore from external .bak files. The storageContainerUri points to the blob container, and storageContainerSasToken provides read access. The lastBackupName identifies which backup file to restore, and autoCompleteRestore determines whether the restore completes automatically or waits for additional transaction logs.

Restore from external backup with managed identity

Organizations using managed identities can restore databases without managing SAS tokens.

import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";

const managedDatabase = new azure_native.sql.ManagedDatabase("managedDatabase", {
    autoCompleteRestore: true,
    collation: "SQL_Latin1_General_CP1_CI_AS",
    createMode: azure_native.sql.ManagedDatabaseCreateMode.RestoreExternalBackup,
    databaseName: "managedDatabase",
    lastBackupName: "last_backup_name",
    location: "southeastasia",
    managedInstanceName: "managedInstance",
    resourceGroupName: "Default-SQL-SouthEastAsia",
    storageContainerIdentity: "ManagedIdentity",
    storageContainerUri: "https://myaccountname.blob.core.windows.net/backups",
});

import pulumi
import pulumi_azure_native as azure_native

managed_database = azure_native.sql.ManagedDatabase("managedDatabase",
    auto_complete_restore=True,
    collation="SQL_Latin1_General_CP1_CI_AS",
    create_mode=azure_native.sql.ManagedDatabaseCreateMode.RESTORE_EXTERNAL_BACKUP,
    database_name="managedDatabase",
    last_backup_name="last_backup_name",
    location="southeastasia",
    managed_instance_name="managedInstance",
    resource_group_name="Default-SQL-SouthEastAsia",
    storage_container_identity="ManagedIdentity",
    storage_container_uri="https://myaccountname.blob.core.windows.net/backups")

package main

import (
	sql "github.com/pulumi/pulumi-azure-native-sdk/sql/v3"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := sql.NewManagedDatabase(ctx, "managedDatabase", &sql.ManagedDatabaseArgs{
			AutoCompleteRestore:      pulumi.Bool(true),
			Collation:                pulumi.String("SQL_Latin1_General_CP1_CI_AS"),
			CreateMode:               pulumi.String(sql.ManagedDatabaseCreateModeRestoreExternalBackup),
			DatabaseName:             pulumi.String("managedDatabase"),
			LastBackupName:           pulumi.String("last_backup_name"),
			Location:                 pulumi.String("southeastasia"),
			ManagedInstanceName:      pulumi.String("managedInstance"),
			ResourceGroupName:        pulumi.String("Default-SQL-SouthEastAsia"),
			StorageContainerIdentity: pulumi.String("ManagedIdentity"),
			StorageContainerUri:      pulumi.String("https://myaccountname.blob.core.windows.net/backups"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;

return await Deployment.RunAsync(() => 
{
    var managedDatabase = new AzureNative.Sql.ManagedDatabase("managedDatabase", new()
    {
        AutoCompleteRestore = true,
        Collation = "SQL_Latin1_General_CP1_CI_AS",
        CreateMode = AzureNative.Sql.ManagedDatabaseCreateMode.RestoreExternalBackup,
        DatabaseName = "managedDatabase",
        LastBackupName = "last_backup_name",
        Location = "southeastasia",
        ManagedInstanceName = "managedInstance",
        ResourceGroupName = "Default-SQL-SouthEastAsia",
        StorageContainerIdentity = "ManagedIdentity",
        StorageContainerUri = "https://myaccountname.blob.core.windows.net/backups",
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.sql.ManagedDatabase;
import com.pulumi.azurenative.sql.ManagedDatabaseArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var managedDatabase = new ManagedDatabase("managedDatabase", ManagedDatabaseArgs.builder()
            .autoCompleteRestore(true)
            .collation("SQL_Latin1_General_CP1_CI_AS")
            .createMode("RestoreExternalBackup")
            .databaseName("managedDatabase")
            .lastBackupName("last_backup_name")
            .location("southeastasia")
            .managedInstanceName("managedInstance")
            .resourceGroupName("Default-SQL-SouthEastAsia")
            .storageContainerIdentity("ManagedIdentity")
            .storageContainerUri("https://myaccountname.blob.core.windows.net/backups")
            .build());

    }
}

resources:
  managedDatabase:
    type: azure-native:sql:ManagedDatabase
    properties:
      autoCompleteRestore: true
      collation: SQL_Latin1_General_CP1_CI_AS
      createMode: RestoreExternalBackup
      databaseName: managedDatabase
      lastBackupName: last_backup_name
      location: southeastasia
      managedInstanceName: managedInstance
      resourceGroupName: Default-SQL-SouthEastAsia
      storageContainerIdentity: ManagedIdentity
      storageContainerUri: https://myaccountname.blob.core.windows.net/backups

Setting storageContainerIdentity to ManagedIdentity switches authentication from SAS tokens to the managed instance’s identity. The managed instance must have the Storage Blob Data Reader role on the storage account. This approach eliminates credential management and rotation concerns.

Restore to a point in time from the same subscription

Point-in-time restore recovers databases to a specific moment, useful for recovering from accidental changes.

import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";

const managedDatabase = new azure_native.sql.ManagedDatabase("managedDatabase", {
    createMode: azure_native.sql.ManagedDatabaseCreateMode.PointInTimeRestore,
    databaseName: "managedDatabase",
    location: "southeastasia",
    managedInstanceName: "managedInstance",
    resourceGroupName: "Default-SQL-SouthEastAsia",
    restorePointInTime: "2017-07-14T05:35:31.503Z",
    sourceDatabaseId: "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/Default-SQL-SouthEastAsia/providers/Microsoft.Sql/managedInstances/testsvr/databases/testdb",
});

import pulumi
import pulumi_azure_native as azure_native

managed_database = azure_native.sql.ManagedDatabase("managedDatabase",
    create_mode=azure_native.sql.ManagedDatabaseCreateMode.POINT_IN_TIME_RESTORE,
    database_name="managedDatabase",
    location="southeastasia",
    managed_instance_name="managedInstance",
    resource_group_name="Default-SQL-SouthEastAsia",
    restore_point_in_time="2017-07-14T05:35:31.503Z",
    source_database_id="/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/Default-SQL-SouthEastAsia/providers/Microsoft.Sql/managedInstances/testsvr/databases/testdb")

package main

import (
	sql "github.com/pulumi/pulumi-azure-native-sdk/sql/v3"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := sql.NewManagedDatabase(ctx, "managedDatabase", &sql.ManagedDatabaseArgs{
			CreateMode:          pulumi.String(sql.ManagedDatabaseCreateModePointInTimeRestore),
			DatabaseName:        pulumi.String("managedDatabase"),
			Location:            pulumi.String("southeastasia"),
			ManagedInstanceName: pulumi.String("managedInstance"),
			ResourceGroupName:   pulumi.String("Default-SQL-SouthEastAsia"),
			RestorePointInTime:  pulumi.String("2017-07-14T05:35:31.503Z"),
			SourceDatabaseId:    pulumi.String("/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/Default-SQL-SouthEastAsia/providers/Microsoft.Sql/managedInstances/testsvr/databases/testdb"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;

return await Deployment.RunAsync(() => 
{
    var managedDatabase = new AzureNative.Sql.ManagedDatabase("managedDatabase", new()
    {
        CreateMode = AzureNative.Sql.ManagedDatabaseCreateMode.PointInTimeRestore,
        DatabaseName = "managedDatabase",
        Location = "southeastasia",
        ManagedInstanceName = "managedInstance",
        ResourceGroupName = "Default-SQL-SouthEastAsia",
        RestorePointInTime = "2017-07-14T05:35:31.503Z",
        SourceDatabaseId = "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/Default-SQL-SouthEastAsia/providers/Microsoft.Sql/managedInstances/testsvr/databases/testdb",
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.sql.ManagedDatabase;
import com.pulumi.azurenative.sql.ManagedDatabaseArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var managedDatabase = new ManagedDatabase("managedDatabase", ManagedDatabaseArgs.builder()
            .createMode("PointInTimeRestore")
            .databaseName("managedDatabase")
            .location("southeastasia")
            .managedInstanceName("managedInstance")
            .resourceGroupName("Default-SQL-SouthEastAsia")
            .restorePointInTime("2017-07-14T05:35:31.503Z")
            .sourceDatabaseId("/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/Default-SQL-SouthEastAsia/providers/Microsoft.Sql/managedInstances/testsvr/databases/testdb")
            .build());

    }
}

resources:
  managedDatabase:
    type: azure-native:sql:ManagedDatabase
    properties:
      createMode: PointInTimeRestore
      databaseName: managedDatabase
      location: southeastasia
      managedInstanceName: managedInstance
      resourceGroupName: Default-SQL-SouthEastAsia
      restorePointInTime: 2017-07-14T05:35:31.503Z
      sourceDatabaseId: /subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/Default-SQL-SouthEastAsia/providers/Microsoft.Sql/managedInstances/testsvr/databases/testdb

The createMode PointInTimeRestore uses automatic backups to restore database state. The sourceDatabaseId references the database to restore from, and restorePointInTime specifies the exact moment in ISO8601 format. The restore point must fall within the retention period configured on the source database.

Restore across Azure subscriptions

Cross-subscription restore enables disaster recovery scenarios where production and recovery environments live in separate subscriptions.

import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";

const managedDatabase = new azure_native.sql.ManagedDatabase("managedDatabase", {
    createMode: azure_native.sql.ManagedDatabaseCreateMode.PointInTimeRestore,
    crossSubscriptionSourceDatabaseId: "/subscriptions/11111111-2222-3333-4444-555555555555/resourceGroups/Default-SQL-SouthEastAsia/providers/Microsoft.Sql/managedInstances/testsvr2/databases/testdb",
    crossSubscriptionTargetManagedInstanceId: "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/Default-SQL-SouthEastAsia/providers/Microsoft.Sql/managedInstances/testsvr",
    databaseName: "managedDatabase",
    location: "southeastasia",
    managedInstanceName: "managedInstance",
    resourceGroupName: "Default-SQL-SouthEastAsia",
    restorePointInTime: "2017-07-14T05:35:31.503Z",
});

import pulumi
import pulumi_azure_native as azure_native

managed_database = azure_native.sql.ManagedDatabase("managedDatabase",
    create_mode=azure_native.sql.ManagedDatabaseCreateMode.POINT_IN_TIME_RESTORE,
    cross_subscription_source_database_id="/subscriptions/11111111-2222-3333-4444-555555555555/resourceGroups/Default-SQL-SouthEastAsia/providers/Microsoft.Sql/managedInstances/testsvr2/databases/testdb",
    cross_subscription_target_managed_instance_id="/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/Default-SQL-SouthEastAsia/providers/Microsoft.Sql/managedInstances/testsvr",
    database_name="managedDatabase",
    location="southeastasia",
    managed_instance_name="managedInstance",
    resource_group_name="Default-SQL-SouthEastAsia",
    restore_point_in_time="2017-07-14T05:35:31.503Z")

package main

import (
	sql "github.com/pulumi/pulumi-azure-native-sdk/sql/v3"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := sql.NewManagedDatabase(ctx, "managedDatabase", &sql.ManagedDatabaseArgs{
			CreateMode:                               pulumi.String(sql.ManagedDatabaseCreateModePointInTimeRestore),
			CrossSubscriptionSourceDatabaseId:        pulumi.String("/subscriptions/11111111-2222-3333-4444-555555555555/resourceGroups/Default-SQL-SouthEastAsia/providers/Microsoft.Sql/managedInstances/testsvr2/databases/testdb"),
			CrossSubscriptionTargetManagedInstanceId: pulumi.String("/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/Default-SQL-SouthEastAsia/providers/Microsoft.Sql/managedInstances/testsvr"),
			DatabaseName:                             pulumi.String("managedDatabase"),
			Location:                                 pulumi.String("southeastasia"),
			ManagedInstanceName:                      pulumi.String("managedInstance"),
			ResourceGroupName:                        pulumi.String("Default-SQL-SouthEastAsia"),
			RestorePointInTime:                       pulumi.String("2017-07-14T05:35:31.503Z"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;

return await Deployment.RunAsync(() => 
{
    var managedDatabase = new AzureNative.Sql.ManagedDatabase("managedDatabase", new()
    {
        CreateMode = AzureNative.Sql.ManagedDatabaseCreateMode.PointInTimeRestore,
        CrossSubscriptionSourceDatabaseId = "/subscriptions/11111111-2222-3333-4444-555555555555/resourceGroups/Default-SQL-SouthEastAsia/providers/Microsoft.Sql/managedInstances/testsvr2/databases/testdb",
        CrossSubscriptionTargetManagedInstanceId = "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/Default-SQL-SouthEastAsia/providers/Microsoft.Sql/managedInstances/testsvr",
        DatabaseName = "managedDatabase",
        Location = "southeastasia",
        ManagedInstanceName = "managedInstance",
        ResourceGroupName = "Default-SQL-SouthEastAsia",
        RestorePointInTime = "2017-07-14T05:35:31.503Z",
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.sql.ManagedDatabase;
import com.pulumi.azurenative.sql.ManagedDatabaseArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var managedDatabase = new ManagedDatabase("managedDatabase", ManagedDatabaseArgs.builder()
            .createMode("PointInTimeRestore")
            .crossSubscriptionSourceDatabaseId("/subscriptions/11111111-2222-3333-4444-555555555555/resourceGroups/Default-SQL-SouthEastAsia/providers/Microsoft.Sql/managedInstances/testsvr2/databases/testdb")
            .crossSubscriptionTargetManagedInstanceId("/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/Default-SQL-SouthEastAsia/providers/Microsoft.Sql/managedInstances/testsvr")
            .databaseName("managedDatabase")
            .location("southeastasia")
            .managedInstanceName("managedInstance")
            .resourceGroupName("Default-SQL-SouthEastAsia")
            .restorePointInTime("2017-07-14T05:35:31.503Z")
            .build());

    }
}

resources:
  managedDatabase:
    type: azure-native:sql:ManagedDatabase
    properties:
      createMode: PointInTimeRestore
      crossSubscriptionSourceDatabaseId: /subscriptions/11111111-2222-3333-4444-555555555555/resourceGroups/Default-SQL-SouthEastAsia/providers/Microsoft.Sql/managedInstances/testsvr2/databases/testdb
      crossSubscriptionTargetManagedInstanceId: /subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/Default-SQL-SouthEastAsia/providers/Microsoft.Sql/managedInstances/testsvr
      databaseName: managedDatabase
      location: southeastasia
      managedInstanceName: managedInstance
      resourceGroupName: Default-SQL-SouthEastAsia
      restorePointInTime: 2017-07-14T05:35:31.503Z

The crossSubscriptionSourceDatabaseId references a database in a different subscription, while crossSubscriptionTargetManagedInstanceId specifies the target managed instance. This configuration requires permissions in both subscriptions and enables recovery patterns where production and DR infrastructure are organizationally separated.

Recover from geo-replicated backup after regional failure

Geo-replicated backups enable recovery when an entire Azure region becomes unavailable.

import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";

const managedDatabase = new azure_native.sql.ManagedDatabase("managedDatabase", {
    createMode: azure_native.sql.ManagedDatabaseCreateMode.Recovery,
    databaseName: "testdb_recovered",
    location: "southeastasia",
    managedInstanceName: "server1",
    recoverableDatabaseId: "/subscriptions/11111111-2222-3333-4444-555555555555/resourceGroups/Default-SQL-WestEurope/providers/Microsoft.Sql/managedInstances/testsvr/recoverableDatabases/testdb",
    resourceGroupName: "Default-SQL-SouthEastAsia",
});

import pulumi
import pulumi_azure_native as azure_native

managed_database = azure_native.sql.ManagedDatabase("managedDatabase",
    create_mode=azure_native.sql.ManagedDatabaseCreateMode.RECOVERY,
    database_name="testdb_recovered",
    location="southeastasia",
    managed_instance_name="server1",
    recoverable_database_id="/subscriptions/11111111-2222-3333-4444-555555555555/resourceGroups/Default-SQL-WestEurope/providers/Microsoft.Sql/managedInstances/testsvr/recoverableDatabases/testdb",
    resource_group_name="Default-SQL-SouthEastAsia")

package main

import (
	sql "github.com/pulumi/pulumi-azure-native-sdk/sql/v3"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := sql.NewManagedDatabase(ctx, "managedDatabase", &sql.ManagedDatabaseArgs{
			CreateMode:            pulumi.String(sql.ManagedDatabaseCreateModeRecovery),
			DatabaseName:          pulumi.String("testdb_recovered"),
			Location:              pulumi.String("southeastasia"),
			ManagedInstanceName:   pulumi.String("server1"),
			RecoverableDatabaseId: pulumi.String("/subscriptions/11111111-2222-3333-4444-555555555555/resourceGroups/Default-SQL-WestEurope/providers/Microsoft.Sql/managedInstances/testsvr/recoverableDatabases/testdb"),
			ResourceGroupName:     pulumi.String("Default-SQL-SouthEastAsia"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;

return await Deployment.RunAsync(() => 
{
    var managedDatabase = new AzureNative.Sql.ManagedDatabase("managedDatabase", new()
    {
        CreateMode = AzureNative.Sql.ManagedDatabaseCreateMode.Recovery,
        DatabaseName = "testdb_recovered",
        Location = "southeastasia",
        ManagedInstanceName = "server1",
        RecoverableDatabaseId = "/subscriptions/11111111-2222-3333-4444-555555555555/resourceGroups/Default-SQL-WestEurope/providers/Microsoft.Sql/managedInstances/testsvr/recoverableDatabases/testdb",
        ResourceGroupName = "Default-SQL-SouthEastAsia",
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.sql.ManagedDatabase;
import com.pulumi.azurenative.sql.ManagedDatabaseArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var managedDatabase = new ManagedDatabase("managedDatabase", ManagedDatabaseArgs.builder()
            .createMode("Recovery")
            .databaseName("testdb_recovered")
            .location("southeastasia")
            .managedInstanceName("server1")
            .recoverableDatabaseId("/subscriptions/11111111-2222-3333-4444-555555555555/resourceGroups/Default-SQL-WestEurope/providers/Microsoft.Sql/managedInstances/testsvr/recoverableDatabases/testdb")
            .resourceGroupName("Default-SQL-SouthEastAsia")
            .build());

    }
}

resources:
  managedDatabase:
    type: azure-native:sql:ManagedDatabase
    properties:
      createMode: Recovery
      databaseName: testdb_recovered
      location: southeastasia
      managedInstanceName: server1
      recoverableDatabaseId: /subscriptions/11111111-2222-3333-4444-555555555555/resourceGroups/Default-SQL-WestEurope/providers/Microsoft.Sql/managedInstances/testsvr/recoverableDatabases/testdb
      resourceGroupName: Default-SQL-SouthEastAsia

The createMode Recovery uses geo-replicated backups to restore databases to a paired region. The recoverableDatabaseId references the geo-replicated backup resource. This operation is typically used after regional service disruptions when the primary region is unavailable.

Beyond these examples

These snippets focus on specific managed database features: database creation and restore operations, external backup migration with SAS and managed identity, and point-in-time and cross-subscription restore. They’re intentionally minimal rather than full database migration solutions.

The examples reference pre-existing infrastructure such as Azure SQL Managed Instance, resource groups and Azure subscriptions, storage accounts with backup files for restore scenarios, and managed identities with appropriate role assignments for identity-based auth. They focus on configuring the database rather than provisioning the surrounding infrastructure.

To keep things focused, common database patterns are omitted, including:

Collation and catalog collation settings
Ledger database configuration (isLedgerOn)
Long-term retention backup restore
Tags and metadata organization

These omissions are intentional: the goal is to illustrate how each database creation and restore feature is wired, not provide drop-in migration modules. See the Managed Database resource reference for all available configuration options.

Let's deploy Azure SQL Managed Databases

Get started with Pulumi Cloud, then follow our quick setup guide to deploy this infrastructure.

Try Pulumi Cloud for FREE

Frequently Asked Questions

Database Creation & Restore

What restore options are available for managed databases?

You can create a managed database using several restore modes:

RestoreExternalBackup - Restore from external backup files in Azure Storage
PointInTimeRestore - Restore from a point-in-time backup of an existing database
Recovery - Restore from a geo-replicated backup
RestoreLongTermRetentionBackup - Restore from long-term retention backup

Set the createMode property to your chosen option.

How do I restore a managed database from an external backup?

Set createMode to RestoreExternalBackup and provide storageContainerUri pointing to your backup location. You’ll also need either storageContainerSasToken for SAS authentication or set storageContainerIdentity to ManagedIdentity for managed identity authentication. Optionally specify lastBackupName and collation.

What's the difference between SAS token and managed identity authentication for restores?

When restoring from external backup, you can authenticate to Azure Storage using either a SAS token or managed identity. Set storageContainerIdentity to ManagedIdentity to use the managed instance’s identity, or omit it (defaults to SharedAccessSignature) and provide storageContainerSasToken. Managed identity is more secure as it doesn’t require storing credentials.

Can I restore a managed database across Azure subscriptions?

Yes, for point-in-time restore across subscriptions, set createMode to PointInTimeRestore and provide crossSubscriptionSourceDatabaseId (source database in another subscription) and crossSubscriptionTargetManagedInstanceId (target instance). Also specify restorePointInTime.

What properties are required for each restore mode?

Required properties vary by createMode:

RestoreExternalBackup: storageContainerUri, and either storageContainerSasToken or storageContainerIdentity set to ManagedIdentity
PointInTimeRestore: sourceDatabaseId and restorePointInTime
Recovery: recoverableDatabaseId
RestoreLongTermRetentionBackup: longTermRetentionBackupResourceId

Immutability & Limitations

What properties can't I change after creating the database?

Most properties are immutable after creation, including location, createMode, collation, catalogCollation, isLedgerOn, databaseName, managedInstanceName, and all restore-related properties (sourceDatabaseId, restorePointInTime, storageContainerUri, etc.). To change these, you must recreate the database.

Can I change the database location or collation after creation?

No, both location and collation are immutable properties. You must specify the correct values during creation, as they cannot be changed later without recreating the database.

Can I disable ledger database functionality after creation?

No, the isLedgerOn property cannot be changed after the database is created. If you set isLedgerOn to true, all tables in the database become ledger tables permanently. Decide whether you need ledger functionality before creating the database.

Special Features

What is a ledger database?

A ledger database is one where isLedgerOn is set to true, making all tables in the database ledger tables. Ledger tables provide tamper-evidence capabilities by cryptographically recording data changes. This setting is immutable after database creation.

How do I perform a point-in-time restore?

Set createMode to PointInTimeRestore, provide sourceDatabaseId (the database to restore from), and specify restorePointInTime in ISO8601 format (e.g., 2017-07-14T05:35:31.503Z). For cross-subscription restore, also include crossSubscriptionSourceDatabaseId and crossSubscriptionTargetManagedInstanceId.

Using a different cloud?

Explore database guides for other cloud providers:

AWS Guides GCP Guides