The azure-native:sql:ManagedDatabase resource, part of the Pulumi Azure Native provider, defines a database within an Azure SQL Managed Instance: its creation method, restore source, and configuration. This guide focuses on four capabilities: creating new databases, restoring from external backups, point-in-time and cross-subscription restore, and geo-replicated backup recovery.
Managed databases require an existing managed instance and may reference storage accounts, backup files, or source databases depending on the creation mode. The examples are intentionally small. Combine them with your own managed instances, backup strategies, and disaster recovery plans.
Create a new database on a managed instance
Most deployments start by creating a new database on an existing managed instance with basic configuration.
import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";
const managedDatabase = new azure_native.sql.ManagedDatabase("managedDatabase", {
databaseName: "managedDatabase",
location: "southeastasia",
managedInstanceName: "managedInstance",
resourceGroupName: "Default-SQL-SouthEastAsia",
});
import pulumi
import pulumi_azure_native as azure_native
managed_database = azure_native.sql.ManagedDatabase("managedDatabase",
database_name="managedDatabase",
location="southeastasia",
managed_instance_name="managedInstance",
resource_group_name="Default-SQL-SouthEastAsia")
package main
import (
sql "github.com/pulumi/pulumi-azure-native-sdk/sql/v3"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := sql.NewManagedDatabase(ctx, "managedDatabase", &sql.ManagedDatabaseArgs{
DatabaseName: pulumi.String("managedDatabase"),
Location: pulumi.String("southeastasia"),
ManagedInstanceName: pulumi.String("managedInstance"),
ResourceGroupName: pulumi.String("Default-SQL-SouthEastAsia"),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;
return await Deployment.RunAsync(() =>
{
var managedDatabase = new AzureNative.Sql.ManagedDatabase("managedDatabase", new()
{
DatabaseName = "managedDatabase",
Location = "southeastasia",
ManagedInstanceName = "managedInstance",
ResourceGroupName = "Default-SQL-SouthEastAsia",
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.sql.ManagedDatabase;
import com.pulumi.azurenative.sql.ManagedDatabaseArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var managedDatabase = new ManagedDatabase("managedDatabase", ManagedDatabaseArgs.builder()
.databaseName("managedDatabase")
.location("southeastasia")
.managedInstanceName("managedInstance")
.resourceGroupName("Default-SQL-SouthEastAsia")
.build());
}
}
resources:
managedDatabase:
type: azure-native:sql:ManagedDatabase
properties:
databaseName: managedDatabase
location: southeastasia
managedInstanceName: managedInstance
resourceGroupName: Default-SQL-SouthEastAsia
The databaseName property sets the database identifier. The managedInstanceName references the parent managed instance that must already exist. Without specifying createMode, the database is created empty with default collation and settings.
Restore from external backup with SAS token authentication
Teams migrating from on-premises SQL Server often restore databases from backup files stored in Azure Blob Storage.
import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";
const managedDatabase = new azure_native.sql.ManagedDatabase("managedDatabase", {
autoCompleteRestore: true,
collation: "SQL_Latin1_General_CP1_CI_AS",
createMode: azure_native.sql.ManagedDatabaseCreateMode.RestoreExternalBackup,
databaseName: "managedDatabase",
lastBackupName: "last_backup_name",
location: "southeastasia",
managedInstanceName: "managedInstance",
resourceGroupName: "Default-SQL-SouthEastAsia",
storageContainerSasToken: "sv=2015-12-11&sr=c&sp=rl&sig=1234",
storageContainerUri: "https://myaccountname.blob.core.windows.net/backups",
});
import pulumi
import pulumi_azure_native as azure_native
managed_database = azure_native.sql.ManagedDatabase("managedDatabase",
auto_complete_restore=True,
collation="SQL_Latin1_General_CP1_CI_AS",
create_mode=azure_native.sql.ManagedDatabaseCreateMode.RESTORE_EXTERNAL_BACKUP,
database_name="managedDatabase",
last_backup_name="last_backup_name",
location="southeastasia",
managed_instance_name="managedInstance",
resource_group_name="Default-SQL-SouthEastAsia",
storage_container_sas_token="sv=2015-12-11&sr=c&sp=rl&sig=1234",
storage_container_uri="https://myaccountname.blob.core.windows.net/backups")
package main
import (
sql "github.com/pulumi/pulumi-azure-native-sdk/sql/v3"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := sql.NewManagedDatabase(ctx, "managedDatabase", &sql.ManagedDatabaseArgs{
AutoCompleteRestore: pulumi.Bool(true),
Collation: pulumi.String("SQL_Latin1_General_CP1_CI_AS"),
CreateMode: pulumi.String(sql.ManagedDatabaseCreateModeRestoreExternalBackup),
DatabaseName: pulumi.String("managedDatabase"),
LastBackupName: pulumi.String("last_backup_name"),
Location: pulumi.String("southeastasia"),
ManagedInstanceName: pulumi.String("managedInstance"),
ResourceGroupName: pulumi.String("Default-SQL-SouthEastAsia"),
StorageContainerSasToken: pulumi.String("sv=2015-12-11&sr=c&sp=rl&sig=1234"),
StorageContainerUri: pulumi.String("https://myaccountname.blob.core.windows.net/backups"),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;
return await Deployment.RunAsync(() =>
{
var managedDatabase = new AzureNative.Sql.ManagedDatabase("managedDatabase", new()
{
AutoCompleteRestore = true,
Collation = "SQL_Latin1_General_CP1_CI_AS",
CreateMode = AzureNative.Sql.ManagedDatabaseCreateMode.RestoreExternalBackup,
DatabaseName = "managedDatabase",
LastBackupName = "last_backup_name",
Location = "southeastasia",
ManagedInstanceName = "managedInstance",
ResourceGroupName = "Default-SQL-SouthEastAsia",
StorageContainerSasToken = "sv=2015-12-11&sr=c&sp=rl&sig=1234",
StorageContainerUri = "https://myaccountname.blob.core.windows.net/backups",
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.sql.ManagedDatabase;
import com.pulumi.azurenative.sql.ManagedDatabaseArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var managedDatabase = new ManagedDatabase("managedDatabase", ManagedDatabaseArgs.builder()
.autoCompleteRestore(true)
.collation("SQL_Latin1_General_CP1_CI_AS")
.createMode("RestoreExternalBackup")
.databaseName("managedDatabase")
.lastBackupName("last_backup_name")
.location("southeastasia")
.managedInstanceName("managedInstance")
.resourceGroupName("Default-SQL-SouthEastAsia")
.storageContainerSasToken("sv=2015-12-11&sr=c&sp=rl&sig=1234")
.storageContainerUri("https://myaccountname.blob.core.windows.net/backups")
.build());
}
}
resources:
managedDatabase:
type: azure-native:sql:ManagedDatabase
properties:
autoCompleteRestore: true
collation: SQL_Latin1_General_CP1_CI_AS
createMode: RestoreExternalBackup
databaseName: managedDatabase
lastBackupName: last_backup_name
location: southeastasia
managedInstanceName: managedInstance
resourceGroupName: Default-SQL-SouthEastAsia
storageContainerSasToken: sv=2015-12-11&sr=c&sp=rl&sig=1234
storageContainerUri: https://myaccountname.blob.core.windows.net/backups
The createMode property set to RestoreExternalBackup tells Azure to restore from external .bak files. The storageContainerUri points to the blob container, and storageContainerSasToken provides read access. The lastBackupName identifies which backup file to restore, and autoCompleteRestore determines whether the restore completes automatically or waits for additional transaction logs.
Restore from external backup with managed identity
Organizations using managed identities can restore databases without managing SAS tokens.
import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";
const managedDatabase = new azure_native.sql.ManagedDatabase("managedDatabase", {
autoCompleteRestore: true,
collation: "SQL_Latin1_General_CP1_CI_AS",
createMode: azure_native.sql.ManagedDatabaseCreateMode.RestoreExternalBackup,
databaseName: "managedDatabase",
lastBackupName: "last_backup_name",
location: "southeastasia",
managedInstanceName: "managedInstance",
resourceGroupName: "Default-SQL-SouthEastAsia",
storageContainerIdentity: "ManagedIdentity",
storageContainerUri: "https://myaccountname.blob.core.windows.net/backups",
});
import pulumi
import pulumi_azure_native as azure_native
managed_database = azure_native.sql.ManagedDatabase("managedDatabase",
auto_complete_restore=True,
collation="SQL_Latin1_General_CP1_CI_AS",
create_mode=azure_native.sql.ManagedDatabaseCreateMode.RESTORE_EXTERNAL_BACKUP,
database_name="managedDatabase",
last_backup_name="last_backup_name",
location="southeastasia",
managed_instance_name="managedInstance",
resource_group_name="Default-SQL-SouthEastAsia",
storage_container_identity="ManagedIdentity",
storage_container_uri="https://myaccountname.blob.core.windows.net/backups")
package main
import (
sql "github.com/pulumi/pulumi-azure-native-sdk/sql/v3"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := sql.NewManagedDatabase(ctx, "managedDatabase", &sql.ManagedDatabaseArgs{
AutoCompleteRestore: pulumi.Bool(true),
Collation: pulumi.String("SQL_Latin1_General_CP1_CI_AS"),
CreateMode: pulumi.String(sql.ManagedDatabaseCreateModeRestoreExternalBackup),
DatabaseName: pulumi.String("managedDatabase"),
LastBackupName: pulumi.String("last_backup_name"),
Location: pulumi.String("southeastasia"),
ManagedInstanceName: pulumi.String("managedInstance"),
ResourceGroupName: pulumi.String("Default-SQL-SouthEastAsia"),
StorageContainerIdentity: pulumi.String("ManagedIdentity"),
StorageContainerUri: pulumi.String("https://myaccountname.blob.core.windows.net/backups"),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;
return await Deployment.RunAsync(() =>
{
var managedDatabase = new AzureNative.Sql.ManagedDatabase("managedDatabase", new()
{
AutoCompleteRestore = true,
Collation = "SQL_Latin1_General_CP1_CI_AS",
CreateMode = AzureNative.Sql.ManagedDatabaseCreateMode.RestoreExternalBackup,
DatabaseName = "managedDatabase",
LastBackupName = "last_backup_name",
Location = "southeastasia",
ManagedInstanceName = "managedInstance",
ResourceGroupName = "Default-SQL-SouthEastAsia",
StorageContainerIdentity = "ManagedIdentity",
StorageContainerUri = "https://myaccountname.blob.core.windows.net/backups",
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.sql.ManagedDatabase;
import com.pulumi.azurenative.sql.ManagedDatabaseArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var managedDatabase = new ManagedDatabase("managedDatabase", ManagedDatabaseArgs.builder()
.autoCompleteRestore(true)
.collation("SQL_Latin1_General_CP1_CI_AS")
.createMode("RestoreExternalBackup")
.databaseName("managedDatabase")
.lastBackupName("last_backup_name")
.location("southeastasia")
.managedInstanceName("managedInstance")
.resourceGroupName("Default-SQL-SouthEastAsia")
.storageContainerIdentity("ManagedIdentity")
.storageContainerUri("https://myaccountname.blob.core.windows.net/backups")
.build());
}
}
resources:
managedDatabase:
type: azure-native:sql:ManagedDatabase
properties:
autoCompleteRestore: true
collation: SQL_Latin1_General_CP1_CI_AS
createMode: RestoreExternalBackup
databaseName: managedDatabase
lastBackupName: last_backup_name
location: southeastasia
managedInstanceName: managedInstance
resourceGroupName: Default-SQL-SouthEastAsia
storageContainerIdentity: ManagedIdentity
storageContainerUri: https://myaccountname.blob.core.windows.net/backups
Setting storageContainerIdentity to ManagedIdentity switches authentication from SAS tokens to the managed instance’s identity. The managed instance must have the Storage Blob Data Reader role on the storage account. This approach eliminates credential management and rotation concerns.
Restore to a point in time from the same subscription
Point-in-time restore recovers databases to a specific moment, useful for recovering from accidental changes.
import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";
const managedDatabase = new azure_native.sql.ManagedDatabase("managedDatabase", {
createMode: azure_native.sql.ManagedDatabaseCreateMode.PointInTimeRestore,
databaseName: "managedDatabase",
location: "southeastasia",
managedInstanceName: "managedInstance",
resourceGroupName: "Default-SQL-SouthEastAsia",
restorePointInTime: "2017-07-14T05:35:31.503Z",
sourceDatabaseId: "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/Default-SQL-SouthEastAsia/providers/Microsoft.Sql/managedInstances/testsvr/databases/testdb",
});
import pulumi
import pulumi_azure_native as azure_native
managed_database = azure_native.sql.ManagedDatabase("managedDatabase",
create_mode=azure_native.sql.ManagedDatabaseCreateMode.POINT_IN_TIME_RESTORE,
database_name="managedDatabase",
location="southeastasia",
managed_instance_name="managedInstance",
resource_group_name="Default-SQL-SouthEastAsia",
restore_point_in_time="2017-07-14T05:35:31.503Z",
source_database_id="/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/Default-SQL-SouthEastAsia/providers/Microsoft.Sql/managedInstances/testsvr/databases/testdb")
package main
import (
sql "github.com/pulumi/pulumi-azure-native-sdk/sql/v3"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := sql.NewManagedDatabase(ctx, "managedDatabase", &sql.ManagedDatabaseArgs{
CreateMode: pulumi.String(sql.ManagedDatabaseCreateModePointInTimeRestore),
DatabaseName: pulumi.String("managedDatabase"),
Location: pulumi.String("southeastasia"),
ManagedInstanceName: pulumi.String("managedInstance"),
ResourceGroupName: pulumi.String("Default-SQL-SouthEastAsia"),
RestorePointInTime: pulumi.String("2017-07-14T05:35:31.503Z"),
SourceDatabaseId: pulumi.String("/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/Default-SQL-SouthEastAsia/providers/Microsoft.Sql/managedInstances/testsvr/databases/testdb"),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;
return await Deployment.RunAsync(() =>
{
var managedDatabase = new AzureNative.Sql.ManagedDatabase("managedDatabase", new()
{
CreateMode = AzureNative.Sql.ManagedDatabaseCreateMode.PointInTimeRestore,
DatabaseName = "managedDatabase",
Location = "southeastasia",
ManagedInstanceName = "managedInstance",
ResourceGroupName = "Default-SQL-SouthEastAsia",
RestorePointInTime = "2017-07-14T05:35:31.503Z",
SourceDatabaseId = "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/Default-SQL-SouthEastAsia/providers/Microsoft.Sql/managedInstances/testsvr/databases/testdb",
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.sql.ManagedDatabase;
import com.pulumi.azurenative.sql.ManagedDatabaseArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var managedDatabase = new ManagedDatabase("managedDatabase", ManagedDatabaseArgs.builder()
.createMode("PointInTimeRestore")
.databaseName("managedDatabase")
.location("southeastasia")
.managedInstanceName("managedInstance")
.resourceGroupName("Default-SQL-SouthEastAsia")
.restorePointInTime("2017-07-14T05:35:31.503Z")
.sourceDatabaseId("/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/Default-SQL-SouthEastAsia/providers/Microsoft.Sql/managedInstances/testsvr/databases/testdb")
.build());
}
}
resources:
managedDatabase:
type: azure-native:sql:ManagedDatabase
properties:
createMode: PointInTimeRestore
databaseName: managedDatabase
location: southeastasia
managedInstanceName: managedInstance
resourceGroupName: Default-SQL-SouthEastAsia
restorePointInTime: 2017-07-14T05:35:31.503Z
sourceDatabaseId: /subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/Default-SQL-SouthEastAsia/providers/Microsoft.Sql/managedInstances/testsvr/databases/testdb
The createMode PointInTimeRestore uses automatic backups to restore database state. The sourceDatabaseId references the database to restore from, and restorePointInTime specifies the exact moment in ISO8601 format. The restore point must fall within the retention period configured on the source database.
Restore across Azure subscriptions
Cross-subscription restore enables disaster recovery scenarios where production and recovery environments live in separate subscriptions.
import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";
const managedDatabase = new azure_native.sql.ManagedDatabase("managedDatabase", {
createMode: azure_native.sql.ManagedDatabaseCreateMode.PointInTimeRestore,
crossSubscriptionSourceDatabaseId: "/subscriptions/11111111-2222-3333-4444-555555555555/resourceGroups/Default-SQL-SouthEastAsia/providers/Microsoft.Sql/managedInstances/testsvr2/databases/testdb",
crossSubscriptionTargetManagedInstanceId: "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/Default-SQL-SouthEastAsia/providers/Microsoft.Sql/managedInstances/testsvr",
databaseName: "managedDatabase",
location: "southeastasia",
managedInstanceName: "managedInstance",
resourceGroupName: "Default-SQL-SouthEastAsia",
restorePointInTime: "2017-07-14T05:35:31.503Z",
});
import pulumi
import pulumi_azure_native as azure_native
managed_database = azure_native.sql.ManagedDatabase("managedDatabase",
create_mode=azure_native.sql.ManagedDatabaseCreateMode.POINT_IN_TIME_RESTORE,
cross_subscription_source_database_id="/subscriptions/11111111-2222-3333-4444-555555555555/resourceGroups/Default-SQL-SouthEastAsia/providers/Microsoft.Sql/managedInstances/testsvr2/databases/testdb",
cross_subscription_target_managed_instance_id="/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/Default-SQL-SouthEastAsia/providers/Microsoft.Sql/managedInstances/testsvr",
database_name="managedDatabase",
location="southeastasia",
managed_instance_name="managedInstance",
resource_group_name="Default-SQL-SouthEastAsia",
restore_point_in_time="2017-07-14T05:35:31.503Z")
package main
import (
sql "github.com/pulumi/pulumi-azure-native-sdk/sql/v3"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := sql.NewManagedDatabase(ctx, "managedDatabase", &sql.ManagedDatabaseArgs{
CreateMode: pulumi.String(sql.ManagedDatabaseCreateModePointInTimeRestore),
CrossSubscriptionSourceDatabaseId: pulumi.String("/subscriptions/11111111-2222-3333-4444-555555555555/resourceGroups/Default-SQL-SouthEastAsia/providers/Microsoft.Sql/managedInstances/testsvr2/databases/testdb"),
CrossSubscriptionTargetManagedInstanceId: pulumi.String("/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/Default-SQL-SouthEastAsia/providers/Microsoft.Sql/managedInstances/testsvr"),
DatabaseName: pulumi.String("managedDatabase"),
Location: pulumi.String("southeastasia"),
ManagedInstanceName: pulumi.String("managedInstance"),
ResourceGroupName: pulumi.String("Default-SQL-SouthEastAsia"),
RestorePointInTime: pulumi.String("2017-07-14T05:35:31.503Z"),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;
return await Deployment.RunAsync(() =>
{
var managedDatabase = new AzureNative.Sql.ManagedDatabase("managedDatabase", new()
{
CreateMode = AzureNative.Sql.ManagedDatabaseCreateMode.PointInTimeRestore,
CrossSubscriptionSourceDatabaseId = "/subscriptions/11111111-2222-3333-4444-555555555555/resourceGroups/Default-SQL-SouthEastAsia/providers/Microsoft.Sql/managedInstances/testsvr2/databases/testdb",
CrossSubscriptionTargetManagedInstanceId = "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/Default-SQL-SouthEastAsia/providers/Microsoft.Sql/managedInstances/testsvr",
DatabaseName = "managedDatabase",
Location = "southeastasia",
ManagedInstanceName = "managedInstance",
ResourceGroupName = "Default-SQL-SouthEastAsia",
RestorePointInTime = "2017-07-14T05:35:31.503Z",
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.sql.ManagedDatabase;
import com.pulumi.azurenative.sql.ManagedDatabaseArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var managedDatabase = new ManagedDatabase("managedDatabase", ManagedDatabaseArgs.builder()
.createMode("PointInTimeRestore")
.crossSubscriptionSourceDatabaseId("/subscriptions/11111111-2222-3333-4444-555555555555/resourceGroups/Default-SQL-SouthEastAsia/providers/Microsoft.Sql/managedInstances/testsvr2/databases/testdb")
.crossSubscriptionTargetManagedInstanceId("/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/Default-SQL-SouthEastAsia/providers/Microsoft.Sql/managedInstances/testsvr")
.databaseName("managedDatabase")
.location("southeastasia")
.managedInstanceName("managedInstance")
.resourceGroupName("Default-SQL-SouthEastAsia")
.restorePointInTime("2017-07-14T05:35:31.503Z")
.build());
}
}
resources:
managedDatabase:
type: azure-native:sql:ManagedDatabase
properties:
createMode: PointInTimeRestore
crossSubscriptionSourceDatabaseId: /subscriptions/11111111-2222-3333-4444-555555555555/resourceGroups/Default-SQL-SouthEastAsia/providers/Microsoft.Sql/managedInstances/testsvr2/databases/testdb
crossSubscriptionTargetManagedInstanceId: /subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/Default-SQL-SouthEastAsia/providers/Microsoft.Sql/managedInstances/testsvr
databaseName: managedDatabase
location: southeastasia
managedInstanceName: managedInstance
resourceGroupName: Default-SQL-SouthEastAsia
restorePointInTime: 2017-07-14T05:35:31.503Z
The crossSubscriptionSourceDatabaseId references a database in a different subscription, while crossSubscriptionTargetManagedInstanceId specifies the target managed instance. This configuration requires permissions in both subscriptions and enables recovery patterns where production and DR infrastructure are organizationally separated.
Recover from geo-replicated backup after regional failure
Geo-replicated backups enable recovery when an entire Azure region becomes unavailable.
import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";
const managedDatabase = new azure_native.sql.ManagedDatabase("managedDatabase", {
createMode: azure_native.sql.ManagedDatabaseCreateMode.Recovery,
databaseName: "testdb_recovered",
location: "southeastasia",
managedInstanceName: "server1",
recoverableDatabaseId: "/subscriptions/11111111-2222-3333-4444-555555555555/resourceGroups/Default-SQL-WestEurope/providers/Microsoft.Sql/managedInstances/testsvr/recoverableDatabases/testdb",
resourceGroupName: "Default-SQL-SouthEastAsia",
});
import pulumi
import pulumi_azure_native as azure_native
managed_database = azure_native.sql.ManagedDatabase("managedDatabase",
create_mode=azure_native.sql.ManagedDatabaseCreateMode.RECOVERY,
database_name="testdb_recovered",
location="southeastasia",
managed_instance_name="server1",
recoverable_database_id="/subscriptions/11111111-2222-3333-4444-555555555555/resourceGroups/Default-SQL-WestEurope/providers/Microsoft.Sql/managedInstances/testsvr/recoverableDatabases/testdb",
resource_group_name="Default-SQL-SouthEastAsia")
package main
import (
sql "github.com/pulumi/pulumi-azure-native-sdk/sql/v3"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := sql.NewManagedDatabase(ctx, "managedDatabase", &sql.ManagedDatabaseArgs{
CreateMode: pulumi.String(sql.ManagedDatabaseCreateModeRecovery),
DatabaseName: pulumi.String("testdb_recovered"),
Location: pulumi.String("southeastasia"),
ManagedInstanceName: pulumi.String("server1"),
RecoverableDatabaseId: pulumi.String("/subscriptions/11111111-2222-3333-4444-555555555555/resourceGroups/Default-SQL-WestEurope/providers/Microsoft.Sql/managedInstances/testsvr/recoverableDatabases/testdb"),
ResourceGroupName: pulumi.String("Default-SQL-SouthEastAsia"),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;
return await Deployment.RunAsync(() =>
{
var managedDatabase = new AzureNative.Sql.ManagedDatabase("managedDatabase", new()
{
CreateMode = AzureNative.Sql.ManagedDatabaseCreateMode.Recovery,
DatabaseName = "testdb_recovered",
Location = "southeastasia",
ManagedInstanceName = "server1",
RecoverableDatabaseId = "/subscriptions/11111111-2222-3333-4444-555555555555/resourceGroups/Default-SQL-WestEurope/providers/Microsoft.Sql/managedInstances/testsvr/recoverableDatabases/testdb",
ResourceGroupName = "Default-SQL-SouthEastAsia",
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.sql.ManagedDatabase;
import com.pulumi.azurenative.sql.ManagedDatabaseArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var managedDatabase = new ManagedDatabase("managedDatabase", ManagedDatabaseArgs.builder()
.createMode("Recovery")
.databaseName("testdb_recovered")
.location("southeastasia")
.managedInstanceName("server1")
.recoverableDatabaseId("/subscriptions/11111111-2222-3333-4444-555555555555/resourceGroups/Default-SQL-WestEurope/providers/Microsoft.Sql/managedInstances/testsvr/recoverableDatabases/testdb")
.resourceGroupName("Default-SQL-SouthEastAsia")
.build());
}
}
resources:
managedDatabase:
type: azure-native:sql:ManagedDatabase
properties:
createMode: Recovery
databaseName: testdb_recovered
location: southeastasia
managedInstanceName: server1
recoverableDatabaseId: /subscriptions/11111111-2222-3333-4444-555555555555/resourceGroups/Default-SQL-WestEurope/providers/Microsoft.Sql/managedInstances/testsvr/recoverableDatabases/testdb
resourceGroupName: Default-SQL-SouthEastAsia
The createMode Recovery uses geo-replicated backups to restore databases to a paired region. The recoverableDatabaseId references the geo-replicated backup resource. This operation is typically used after regional service disruptions when the primary region is unavailable.
Beyond these examples
These snippets focus on specific managed database features: database creation and restore operations, external backup migration with SAS and managed identity, and point-in-time and cross-subscription restore. They’re intentionally minimal rather than full database migration solutions.
The examples reference pre-existing infrastructure such as Azure SQL Managed Instance, resource groups and Azure subscriptions, storage accounts with backup files for restore scenarios, and managed identities with appropriate role assignments for identity-based auth. They focus on configuring the database rather than provisioning the surrounding infrastructure.
To keep things focused, common database patterns are omitted, including:
- Collation and catalog collation settings
- Ledger database configuration (isLedgerOn)
- Long-term retention backup restore
- Tags and metadata organization
These omissions are intentional: the goal is to illustrate how each database creation and restore feature is wired, not provide drop-in migration modules. See the Managed Database resource reference for all available configuration options.
Let's deploy Azure SQL Managed Databases
Get started with Pulumi Cloud, then follow our quick setup guide to deploy this infrastructure.
Try Pulumi Cloud for FREEFrequently Asked Questions
Database Creation & Restore Modes
What are the different ways to create a managed database?
You can create a managed database using several
createMode options: PointInTimeRestore (restore from a point in time), RestoreExternalBackup (restore from external backup files), Recovery (restore from geo-replicated backup), or RestoreLongTermRetentionBackup (restore from long-term retention backup). Each mode requires different properties.How do I restore a managed database from an external backup?
Set
createMode to RestoreExternalBackup and provide storageContainerUri. For authentication, either specify storageContainerSasToken or set storageContainerIdentity to ManagedIdentity.How do I perform a point-in-time restore?
Set
createMode to PointInTimeRestore, provide sourceDatabaseId, and specify restorePointInTime in ISO8601 format (e.g., “2017-07-14T05:35:31.503Z”).How do I restore from a geo-replicated backup?
Set
createMode to Recovery and provide recoverableDatabaseId as the recoverable database resource ID to restore.Cross-Subscription Operations
Can I restore a database from a different Azure subscription?
Yes, use
createMode set to PointInTimeRestore with crossSubscriptionSourceDatabaseId (source database ID) and crossSubscriptionTargetManagedInstanceId (target instance ID).Can I restore a dropped database from another subscription?
Yes, provide
crossSubscriptionRestorableDroppedDatabaseId as the restorable dropped database resource ID when creating the database.Storage Authentication
How do I authenticate to storage for external backup restores?
You have two options: use
storageContainerSasToken with a SAS token, or set storageContainerIdentity to ManagedIdentity. If storageContainerIdentity isn’t specified, it defaults to SharedAccessSignature.What's the default authentication method for storage containers?
The default is
SharedAccessSignature. If you don’t specify storageContainerIdentity, the system assumes SAS token authentication.Immutability & Limitations
What properties can't I change after creating the database?
Most properties are immutable, including
location, createMode, collation, catalogCollation, isLedgerOn, and all restore-related properties. Only tags can be modified after creation.Can I disable ledger after enabling it on a database?
No, the
isLedgerOn property cannot be changed after the database has been created. All tables in a ledger database remain ledger tables permanently.Ledger Databases
What happens when I set isLedgerOn to true?
All tables in the database become ledger tables. This setting is permanent and cannot be changed after database creation.
Can I convert an existing database to a ledger database?
No,
isLedgerOn is immutable and must be set during database creation. You cannot convert an existing non-ledger database to a ledger database.