- Create a managed PostgreSQL cluster with a predefined number of DB hosts
- Create a list of users and databases with permissions
- Easy to use in other resources via outputs
First, you need to create a VPC network with three subnets.
PostgreSQL module requires the following input variables:
- VPC network ID.
- VPC network subnet IDs.
- PostgreSQL host definitions: List of maps with DB host name, zone name, and subnet ID.
- Databases: List of databases with database names, owners, and other parameters.
- Owners: List of database owners.
- Users: All other users with a list of permissions to databases.
Notes:
- The
owners
variable defines a list of databases owners. It does not support thepermissions
list because these users will be linked withdatabases
via theowner
parameter. This means each database must have an owner. - The
users
variable defines a list of separate DB users with thepermissions
list, which points to a list of databases. This means each user will have access to each database from thepermissions
list. - The
settings_options
parameter may be null, in which case the default values will be used.
See examples section
- Install YC CLI
- Add environment variables for terraform auth in Yandex.Cloud
export YC_TOKEN=$(yc iam create-token)
export YC_CLOUD_ID=$(yc config get cloud-id)
export YC_FOLDER_ID=$(yc config get folder-id)
export TF_VAR_network_id=_vpc id here_
Name | Version |
---|---|
terraform | >= 1.3.0 |
random | > 3.3 |
yandex | >= 0.89.0 |
Name | Version |
---|---|
local | 2.4.0 |
random | 3.5.1 |
yandex | 0.98.0 |
No modules.
Name | Type |
---|---|
local_file.pgpass_file | resource |
random_password.password | resource |
yandex_dns_recordset.rw | resource |
yandex_mdb_postgresql_cluster.this | resource |
yandex_mdb_postgresql_database.database | resource |
yandex_mdb_postgresql_user.owner | resource |
yandex_mdb_postgresql_user.user | resource |
yandex_client_config.client | data source |
Name | Description | Type | Default | Required |
---|---|---|---|---|
access_policy | Access policy from other services to the PostgreSQL cluster. | object({ |
{} |
no |
autofailover | (Optional) Configuration setting which enables and disables auto failover in the cluster. | bool |
true |
no |
backup_retain_period_days | (Optional) The period in days during which backups are stored. | number |
null |
no |
backup_window_start | (Optional) Time to start the daily backup, in the UTC timezone. | object({ |
null |
no |
databases | List of PostgreSQL databases. Required values: - name - (Required) The name of the database. - owner - (Required) Name of the user assigned as the owner of the database. Forbidden to change in an existing database. - extension - (Optional) Set of database extensions. - lc_collate - (Optional) POSIX locale for string sorting order. Forbidden to change in an existing database. - lc_type - (Optional) POSIX locale for character classification. Forbidden to change in an existing database. - template_db - (Optional) Name of the template database. - deletion_protection - (Optional) A deletion protection. |
list(object({ |
n/a | yes |
default_user_settings | The default user settings. These settings are overridden by the user's settings. Full description https://cloud.yandex.com/en-ru/docs/managed-postgresql/api-ref/grpc/user_service#UserSettings1 |
map(any) |
{} |
no |
deletion_protection | Protects the cluster from deletion | bool |
false |
no |
description | PostgreSQL cluster description | string |
"Managed PostgreSQL cluster" |
no |
disk_size | Disk size for every cluster host | number |
20 |
no |
disk_type | Disk type for all cluster hosts | string |
"network-ssd" |
no |
dns_cname_config | Creates a CNAME record of connection host in the specified DNS zone. Object values: - name - (Required) The DNS name this record set will apply to. - zone_id - (Required) The id of the zone in which this record set will reside - ttl - (Optional) The time-to-live of this record set (seconds). |
object({ |
null |
no |
environment | Environment type: PRODUCTION or PRESTABLE | string |
"PRODUCTION" |
no |
folder_id | Yandex Cloud Folder ID where the cluster resides | string |
null |
no |
host_master_name | Name of the master host. | string |
null |
no |
hosts_definition | A list of PostgreSQL hosts. | list(object({ |
n/a | yes |
labels | A set of label pairs to assing to the PostgreSQL cluster. | map(any) |
{} |
no |
maintenance_window | (Optional) Maintenance policy of the PostgreSQL cluster. - type - (Required) Type of maintenance window. Can be either ANYTIME or WEEKLY. A day and hour of window need to be specified with weekly window. - day - (Optional) Day of the week (in DDD format). Allowed values: "MON", "TUE", "WED", "THU", "FRI", "SAT", "SUN" - hour - (Optional) Hour of the day in UTC (in HH format). Allowed value is between 0 and 23. |
object({ |
{ |
no |
name | PostgreSQL cluster name | string |
"pgsql-cluster" |
no |
network_id | Network id of the PostgreSQL cluster | string |
n/a | yes |
owners | List of special PostgreSQL DB users - database owners. These users are created first and assigned to database as owner. There is also an aditional list for other users with own permissions. Required values: - name - (Required) The name of the user. - password - (Optional) The user's password. If it's omitted a random password will be generated. - grants - (Optional) List of the user's grants. - login - (Optional) The user's ability to login. - conn_limit - (Optional) The maximum number of connections per user. - settings - (Optional) A user setting options. - deletion_protection - (Optional) A deletion protection. |
list(object({ |
n/a | yes |
performance_diagnostics | (Optional) PostgreSQL cluster performance diagnostics settings. | object({ |
{} |
no |
pg_version | PostgreSQL version | string |
"15" |
no |
pgpass_path | Location of the .pgpass file. If it's omitted the file will not be created | string |
null |
no |
pooler_config | Configuration of the connection pooler. - pool_discard - Setting pool_discard parameter in Odyssey. Values: yes | no - pooling_mode - Mode that the connection pooler is working in. Values: POOLING_MODE_UNSPECIFIED , SESSION , TRANSACTION , STATEMENT |
object({ |
null |
no |
postgresql_config | Map of PostgreSQL cluster configuration. Details info in a 'PostgreSQL cluster settings' of official documentation. Link: https://registry.terraform.io/providers/yandex-cloud/yandex/latest/docs/resources/mdb_postgresql_cluster#postgresql-cluster-settings |
map(any) |
null |
no |
resource_preset_id | Preset for hosts | string |
"s2.micro" |
no |
restore_parameters | The cluster will be created from the specified backup. NOTES: - backup_id must be specified to create a new PostgreSQL cluster from a backup. - time format is 'yyy-mm-ddThh:mi:ss', where T is a delimeter, e.g. "2023-04-05T11:22:33". - time_inclusive indicates recovery to nearest recovery point just before (false) or right after (true) the time. |
object({ |
null |
no |
security_groups_ids_list | List of security group IDs to which the PostgreSQL cluster belongs | list(string) |
[] |
no |
users | List of additional PostgreSQL users with own permissions. They are created at the end. Required values: - name - (Required) The name of the user. - password - (Optional) The user's password. If it's omitted a random password will be generated. - grants - (Optional) List of the user's grants. - login - (Optional) The user's ability to login. - conn_limit - (Optional) The maximum number of connections per user. - permissions - (Optional) List of databases names for an access - settings - (Optional) A user setting options. - deletion_protection - (Optional) A deletion protection. |
list(object({ |
[] |
no |
Name | Description |
---|---|
cluster_fqdns_list | PostgreSQL cluster nodes FQDN list |
cluster_host_names_list | PostgreSQL cluster host name |
cluster_id | PostgreSQL cluster ID |
cluster_name | PostgreSQL cluster name |
connection_host_cname | PostgreSQL cluster connection host CNAME. |
connection_step_1 | 1 step - Install certificate |
connection_step_2 | How connect to PostgreSQL cluster? 1. Install certificate mkdir --parents ~/.postgresql && \ curl -sfL "https://storage.yandexcloud.net/cloud-certs/CA.pem" -o ~/.postgresql/root.crt && \ chmod 0600 ~/.postgresql/root.crt 2. Run connection string from the output value, for example psql "host=rc1a-g2em5m3zc9dxxasn.mdb.yandexcloud.net \ port=6432 \ sslmode=verify-full \ dbname=db-b \ user=owner-b \ target_session_attrs=read-write" |
databases | List of databases names. |
owners_data | List of owners with passwords. |
users_data | List of users with passwords. |