Microsoft.DBforPostgreSQL flexibleServers

Bicep resource definition

The flexibleServers resource type can be deployed with operations that target:

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.DBforPostgreSQL/flexibleServers resource, add the following Bicep to your template.

resource symbolicname 'Microsoft.DBforPostgreSQL/flexibleServers@2025-08-01' = {
  scope: resourceSymbolicName or scope
  identity: {
    principalId: 'string'
    type: 'string'
    userAssignedIdentities: {
      {customized property}: {
        clientId: 'string'
        principalId: 'string'
      }
    }
  }
  location: 'string'
  name: 'string'
  properties: {
    administratorLogin: 'string'
    administratorLoginPassword: 'string'
    authConfig: {
      activeDirectoryAuth: 'string'
      passwordAuth: 'string'
      tenantId: 'string'
    }
    availabilityZone: 'string'
    backup: {
      backupRetentionDays: int
      geoRedundantBackup: 'string'
    }
    cluster: {
      clusterSize: int
      defaultDatabaseName: 'string'
    }
    createMode: 'string'
    dataEncryption: {
      geoBackupKeyURI: 'string'
      geoBackupUserAssignedIdentityId: 'string'
      primaryKeyURI: 'string'
      primaryUserAssignedIdentityId: 'string'
      type: 'string'
    }
    highAvailability: {
      mode: 'string'
      standbyAvailabilityZone: 'string'
    }
    maintenanceWindow: {
      customWindow: 'string'
      dayOfWeek: int
      startHour: int
      startMinute: int
    }
    network: {
      delegatedSubnetResourceId: 'string'
      privateDnsZoneArmResourceId: 'string'
      publicNetworkAccess: 'string'
    }
    pointInTimeUTC: 'string'
    replica: {
      promoteMode: 'string'
      promoteOption: 'string'
      role: 'string'
    }
    replicationRole: 'string'
    sourceServerResourceId: 'string'
    storage: {
      autoGrow: 'string'
      iops: int
      storageSizeGB: int
      throughput: int
      tier: 'string'
      type: 'string'
    }
    version: 'string'
  }
  sku: {
    name: 'string'
    tier: 'string'
  }
  tags: {
    {customized property}: 'string'
  }
}

Property Values

Microsoft.DBforPostgreSQL/flexibleServers

Name	Description	Value
identity	User assigned managed identities assigned to the server.	UserAssignedIdentity
location	The geo-location where the resource lives	string (required)
name	The resource name	string Constraints: Min length = 3 Max length = 63 Pattern = `^[a-zA-Z0-9]+(-[a-zA-Z0-9]+)*` (required)
properties	Properties of a server.	ServerProperties
scope	Use when creating a resource at a scope that is different than the deployment scope.	Set this property to the symbolic name of a resource to apply the extension resource.
sku	Compute tier and size of a server.	Sku
tags	Resource tags	Dictionary of tag names and values. See Tags in templates

AuthConfig

Name	Description	Value
activeDirectoryAuth	Indicates if the server supports Microsoft Entra authentication.	'Disabled' 'Enabled'
passwordAuth	Indicates if the server supports password based authentication.	'Disabled' 'Enabled'
tenantId	Identifier of the tenant of the delegated resource.	string

Backup

Name	Description	Value
backupRetentionDays	Backup retention days for the server.	int
geoRedundantBackup	Indicates if the server is configured to create geographically redundant backups.	'Disabled' 'Enabled'

Cluster

Name	Description	Value
clusterSize	Number of nodes assigned to the elastic cluster.	int
defaultDatabaseName	Default database name for the elastic cluster.	string

DataEncryption

Name	Description	Value
geoBackupKeyURI	Identifier of the user assigned managed identity used to access the key in Azure Key Vault for data encryption of the geographically redundant storage associated to a server that is configured to support geographically redundant backups.	string
geoBackupUserAssignedIdentityId	Identifier of the user assigned managed identity used to access the key in Azure Key Vault for data encryption of the geographically redundant storage associated to a server that is configured to support geographically redundant backups.	string
primaryKeyURI	URI of the key in Azure Key Vault used for data encryption of the primary storage associated to a server.	string
primaryUserAssignedIdentityId	Identifier of the user assigned managed identity used to access the key in Azure Key Vault for data encryption of the primary storage associated to a server.	string
type	Data encryption type used by a server.	'AzureKeyVault' 'SystemManaged'

HighAvailability

Name	Description	Value
mode	High availability mode for a server.	'SameZone' 'ZoneRedundant'
standbyAvailabilityZone	Availability zone associated to the standby server created when high availability is set to SameZone or ZoneRedundant.	string

MaintenanceWindow

Name	Description	Value
customWindow	Indicates whether custom window is enabled or disabled.	string
dayOfWeek	Day of the week to be used for maintenance window.	int
startHour	Start hour to be used for maintenance window.	int
startMinute	Start minute to be used for maintenance window.	int

Network

Name	Description	Value
delegatedSubnetResourceId	Resource identifier of the delegated subnet. Required during creation of a new server, in case you want the server to be integrated into your own virtual network. For an update operation, you only have to provide this property if you want to change the value assigned for the private DNS zone.	string
privateDnsZoneArmResourceId	Identifier of the private DNS zone. Required during creation of a new server, in case you want the server to be integrated into your own virtual network. For an update operation, you only have to provide this property if you want to change the value assigned for the private DNS zone.	string
publicNetworkAccess	Indicates if public network access is enabled or not. This is only supported for servers that are not integrated into a virtual network which is owned and provided by customer when server is deployed.	'Disabled' 'Enabled'

Replica

Name	Description	Value
promoteMode	Type of operation to apply on the read replica. This property is write only. Standalone means that the read replica will be promoted to a standalone server, and will become a completely independent entity from the replication set. Switchover means that the read replica will roles with the primary server.	'Standalone' 'Switchover'
promoteOption	Data synchronization option to use when processing the operation specified in the promoteMode property. This property is write only.	'Forced' 'Planned'
role	Role of the server in a replication set.	'AsyncReplica' 'GeoAsyncReplica' 'None' 'Primary'

ServerProperties

Name	Description	Value
administratorLogin	Name of the login designated as the first password based administrator assigned to your instance of PostgreSQL. Must be specified the first time that you enable password based authentication on a server. Once set to a given value, it cannot be changed for the rest of the life of a server. If you disable password based authentication on a server which had it enabled, this password based role isn't deleted.	string
administratorLoginPassword	Password assigned to the administrator login. As long as password authentication is enabled, this password can be changed at any time.	string Constraints: Sensitive value. Pass in as a secure parameter.
authConfig	Authentication configuration properties of a server.	AuthConfig
availabilityZone	Availability zone of a server.	string
backup	Backup properties of a server.	Backup
cluster	Cluster properties of a server.	Cluster
createMode	Creation mode of a new server.	'Create' 'Default' 'GeoRestore' 'PointInTimeRestore' 'Replica' 'ReviveDropped' 'Update'
dataEncryption	Data encryption properties of a server.	DataEncryption
highAvailability	High availability properties of a server.	HighAvailability
maintenanceWindow	Maintenance window properties of a server.	MaintenanceWindow
network	Network properties of a server. Only required if you want your server to be integrated into a virtual network provided by customer.	Network
pointInTimeUTC	Creation time (in ISO8601 format) of the backup which you want to restore in the new server. It's required when 'createMode' is 'PointInTimeRestore', 'GeoRestore', or 'ReviveDropped'.	string
replica	Read replica properties of a server. Required only in case that you want to promote a server.	Replica
replicationRole	Role of the server in a replication set.	'AsyncReplica' 'GeoAsyncReplica' 'None' 'Primary'
sourceServerResourceId	Identifier of the server to be used as the source of the new server. Required when 'createMode' is 'PointInTimeRestore', 'GeoRestore', 'Replica', or 'ReviveDropped'. This property is returned only when the target server is a read replica.	string
storage	Storage properties of a server.	Storage
version	Major version of PostgreSQL database engine.	'11' '12' '13' '14' '15' '16' '17' '18'

Sku

Name	Description	Value
name	Name by which is known a given compute size assigned to a server.	string (required)
tier	Tier of the compute assigned to a server.	'Burstable' 'GeneralPurpose' 'MemoryOptimized' (required)

Storage

Name	Description	Value
autoGrow	Flag to enable or disable the automatic growth of storage size of a server when available space is nearing zero and conditions allow for automatically growing storage size.	'Disabled' 'Enabled'
iops	Maximum IOPS supported for storage. Required when type of storage is PremiumV2_LRS or UltraSSD_LRS.	int
storageSizeGB	Size of storage assigned to a server.	int
throughput	Maximum throughput supported for storage. Required when type of storage is PremiumV2_LRS or UltraSSD_LRS.	int
tier	Storage tier of a server.	'P1' 'P10' 'P15' 'P2' 'P20' 'P3' 'P30' 'P4' 'P40' 'P50' 'P6' 'P60' 'P70' 'P80'
type	Type of storage assigned to a server. Allowed values are Premium_LRS, PremiumV2_LRS, or UltraSSD_LRS. If not specified, it defaults to Premium_LRS.	'PremiumV2_LRS' 'Premium_LRS' 'UltraSSD_LRS'

TrackedResourceTags

Name	Description	Value

UserAssignedIdentity

Name	Description	Value
principalId	Identifier of the object of the service principal associated to the user assigned managed identity.	string
type	Types of identities associated with a server.	'None' 'SystemAssigned' 'SystemAssigned,UserAssigned' 'UserAssigned' (required)
userAssignedIdentities	Map of user assigned managed identities.	UserAssignedIdentityMap

UserAssignedIdentityMap

Name	Description	Value

UserIdentity

Name	Description	Value
clientId	Identifier of the client of the service principal associated to the user assigned managed identity.	string
principalId	Identifier of the object of the service principal associated to the user assigned managed identity.	string

Usage Examples

Azure Verified Modules

The following Azure Verified Modules can be used to deploy this resource type.

Module	Description
DB for Postgre SQL Flexible Server	AVM Resource Module for DB for Postgre SQL Flexible Server

Azure Quickstart Samples

The following Azure Quickstart templates contain Bicep samples for deploying this resource type.

Bicep File	Description
Create PgFlex server & enable protection via Backup Vault	Template that creates a PostgreSQL Flexible Server and enables protection via Backup Vault
Deploy Azure Database for PostgreSQL (flexible) with AAD	This template provides a way to deploy a Flexible server Azure database for PostgreSQL with AAD integration.
Deploy Azure Database for PostgreSQL (flexible) with VNet	This template provides a way to deploy a Flexible server Azure database for PostgreSQL with VNet integration.
SonarQube on Web App with PostgreSQL and VNet integration	This template provides easy to deploy SonarQube to Web App on Linux with PostgreSQL Flexible Server, VNet integration and private DNS.

ARM template resource definition

The flexibleServers resource type can be deployed with operations that target:

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.DBforPostgreSQL/flexibleServers resource, add the following JSON to your template.

{
  "type": "Microsoft.DBforPostgreSQL/flexibleServers",
  "apiVersion": "2025-08-01",
  "name": "string",
  "identity": {
    "principalId": "string",
    "type": "string",
    "userAssignedIdentities": {
      "{customized property}": {
        "clientId": "string",
        "principalId": "string"
      }
    }
  },
  "location": "string",
  "properties": {
    "administratorLogin": "string",
    "administratorLoginPassword": "string",
    "authConfig": {
      "activeDirectoryAuth": "string",
      "passwordAuth": "string",
      "tenantId": "string"
    },
    "availabilityZone": "string",
    "backup": {
      "backupRetentionDays": "int",
      "geoRedundantBackup": "string"
    },
    "cluster": {
      "clusterSize": "int",
      "defaultDatabaseName": "string"
    },
    "createMode": "string",
    "dataEncryption": {
      "geoBackupKeyURI": "string",
      "geoBackupUserAssignedIdentityId": "string",
      "primaryKeyURI": "string",
      "primaryUserAssignedIdentityId": "string",
      "type": "string"
    },
    "highAvailability": {
      "mode": "string",
      "standbyAvailabilityZone": "string"
    },
    "maintenanceWindow": {
      "customWindow": "string",
      "dayOfWeek": "int",
      "startHour": "int",
      "startMinute": "int"
    },
    "network": {
      "delegatedSubnetResourceId": "string",
      "privateDnsZoneArmResourceId": "string",
      "publicNetworkAccess": "string"
    },
    "pointInTimeUTC": "string",
    "replica": {
      "promoteMode": "string",
      "promoteOption": "string",
      "role": "string"
    },
    "replicationRole": "string",
    "sourceServerResourceId": "string",
    "storage": {
      "autoGrow": "string",
      "iops": "int",
      "storageSizeGB": "int",
      "throughput": "int",
      "tier": "string",
      "type": "string"
    },
    "version": "string"
  },
  "sku": {
    "name": "string",
    "tier": "string"
  },
  "tags": {
    "{customized property}": "string"
  }
}

Property Values

Microsoft.DBforPostgreSQL/flexibleServers

Name	Description	Value
apiVersion	The api version	'2025-08-01'
identity	User assigned managed identities assigned to the server.	UserAssignedIdentity
location	The geo-location where the resource lives	string (required)
name	The resource name	string Constraints: Min length = 3 Max length = 63 Pattern = `^[a-zA-Z0-9]+(-[a-zA-Z0-9]+)*` (required)
properties	Properties of a server.	ServerProperties
sku	Compute tier and size of a server.	Sku
tags	Resource tags	Dictionary of tag names and values. See Tags in templates
type	The resource type	'Microsoft.DBforPostgreSQL/flexibleServers'

AuthConfig

Name	Description	Value
activeDirectoryAuth	Indicates if the server supports Microsoft Entra authentication.	'Disabled' 'Enabled'
passwordAuth	Indicates if the server supports password based authentication.	'Disabled' 'Enabled'
tenantId	Identifier of the tenant of the delegated resource.	string

Backup

Name	Description	Value
backupRetentionDays	Backup retention days for the server.	int
geoRedundantBackup	Indicates if the server is configured to create geographically redundant backups.	'Disabled' 'Enabled'

Cluster

Name	Description	Value
clusterSize	Number of nodes assigned to the elastic cluster.	int
defaultDatabaseName	Default database name for the elastic cluster.	string

DataEncryption

Name	Description	Value
geoBackupKeyURI	Identifier of the user assigned managed identity used to access the key in Azure Key Vault for data encryption of the geographically redundant storage associated to a server that is configured to support geographically redundant backups.	string
geoBackupUserAssignedIdentityId	Identifier of the user assigned managed identity used to access the key in Azure Key Vault for data encryption of the geographically redundant storage associated to a server that is configured to support geographically redundant backups.	string
primaryKeyURI	URI of the key in Azure Key Vault used for data encryption of the primary storage associated to a server.	string
primaryUserAssignedIdentityId	Identifier of the user assigned managed identity used to access the key in Azure Key Vault for data encryption of the primary storage associated to a server.	string
type	Data encryption type used by a server.	'AzureKeyVault' 'SystemManaged'

HighAvailability

Name	Description	Value
mode	High availability mode for a server.	'SameZone' 'ZoneRedundant'
standbyAvailabilityZone	Availability zone associated to the standby server created when high availability is set to SameZone or ZoneRedundant.	string

MaintenanceWindow

Name	Description	Value
customWindow	Indicates whether custom window is enabled or disabled.	string
dayOfWeek	Day of the week to be used for maintenance window.	int
startHour	Start hour to be used for maintenance window.	int
startMinute	Start minute to be used for maintenance window.	int

Network

Name	Description	Value
delegatedSubnetResourceId	Resource identifier of the delegated subnet. Required during creation of a new server, in case you want the server to be integrated into your own virtual network. For an update operation, you only have to provide this property if you want to change the value assigned for the private DNS zone.	string
privateDnsZoneArmResourceId	Identifier of the private DNS zone. Required during creation of a new server, in case you want the server to be integrated into your own virtual network. For an update operation, you only have to provide this property if you want to change the value assigned for the private DNS zone.	string
publicNetworkAccess	Indicates if public network access is enabled or not. This is only supported for servers that are not integrated into a virtual network which is owned and provided by customer when server is deployed.	'Disabled' 'Enabled'

Replica

Name	Description	Value
promoteMode	Type of operation to apply on the read replica. This property is write only. Standalone means that the read replica will be promoted to a standalone server, and will become a completely independent entity from the replication set. Switchover means that the read replica will roles with the primary server.	'Standalone' 'Switchover'
promoteOption	Data synchronization option to use when processing the operation specified in the promoteMode property. This property is write only.	'Forced' 'Planned'
role	Role of the server in a replication set.	'AsyncReplica' 'GeoAsyncReplica' 'None' 'Primary'

ServerProperties

Name	Description	Value
administratorLogin	Name of the login designated as the first password based administrator assigned to your instance of PostgreSQL. Must be specified the first time that you enable password based authentication on a server. Once set to a given value, it cannot be changed for the rest of the life of a server. If you disable password based authentication on a server which had it enabled, this password based role isn't deleted.	string
administratorLoginPassword	Password assigned to the administrator login. As long as password authentication is enabled, this password can be changed at any time.	string Constraints: Sensitive value. Pass in as a secure parameter.
authConfig	Authentication configuration properties of a server.	AuthConfig
availabilityZone	Availability zone of a server.	string
backup	Backup properties of a server.	Backup
cluster	Cluster properties of a server.	Cluster
createMode	Creation mode of a new server.	'Create' 'Default' 'GeoRestore' 'PointInTimeRestore' 'Replica' 'ReviveDropped' 'Update'
dataEncryption	Data encryption properties of a server.	DataEncryption
highAvailability	High availability properties of a server.	HighAvailability
maintenanceWindow	Maintenance window properties of a server.	MaintenanceWindow
network	Network properties of a server. Only required if you want your server to be integrated into a virtual network provided by customer.	Network
pointInTimeUTC	Creation time (in ISO8601 format) of the backup which you want to restore in the new server. It's required when 'createMode' is 'PointInTimeRestore', 'GeoRestore', or 'ReviveDropped'.	string
replica	Read replica properties of a server. Required only in case that you want to promote a server.	Replica
replicationRole	Role of the server in a replication set.	'AsyncReplica' 'GeoAsyncReplica' 'None' 'Primary'
sourceServerResourceId	Identifier of the server to be used as the source of the new server. Required when 'createMode' is 'PointInTimeRestore', 'GeoRestore', 'Replica', or 'ReviveDropped'. This property is returned only when the target server is a read replica.	string
storage	Storage properties of a server.	Storage
version	Major version of PostgreSQL database engine.	'11' '12' '13' '14' '15' '16' '17' '18'

Sku

Name	Description	Value
name	Name by which is known a given compute size assigned to a server.	string (required)
tier	Tier of the compute assigned to a server.	'Burstable' 'GeneralPurpose' 'MemoryOptimized' (required)

Storage

Name	Description	Value
autoGrow	Flag to enable or disable the automatic growth of storage size of a server when available space is nearing zero and conditions allow for automatically growing storage size.	'Disabled' 'Enabled'
iops	Maximum IOPS supported for storage. Required when type of storage is PremiumV2_LRS or UltraSSD_LRS.	int
storageSizeGB	Size of storage assigned to a server.	int
throughput	Maximum throughput supported for storage. Required when type of storage is PremiumV2_LRS or UltraSSD_LRS.	int
tier	Storage tier of a server.	'P1' 'P10' 'P15' 'P2' 'P20' 'P3' 'P30' 'P4' 'P40' 'P50' 'P6' 'P60' 'P70' 'P80'
type	Type of storage assigned to a server. Allowed values are Premium_LRS, PremiumV2_LRS, or UltraSSD_LRS. If not specified, it defaults to Premium_LRS.	'PremiumV2_LRS' 'Premium_LRS' 'UltraSSD_LRS'

TrackedResourceTags

Name	Description	Value

UserAssignedIdentity

Name	Description	Value
principalId	Identifier of the object of the service principal associated to the user assigned managed identity.	string
type	Types of identities associated with a server.	'None' 'SystemAssigned' 'SystemAssigned,UserAssigned' 'UserAssigned' (required)
userAssignedIdentities	Map of user assigned managed identities.	UserAssignedIdentityMap

UserAssignedIdentityMap

Name	Description	Value

UserIdentity

Name	Description	Value
clientId	Identifier of the client of the service principal associated to the user assigned managed identity.	string
principalId	Identifier of the object of the service principal associated to the user assigned managed identity.	string

Usage Examples

Azure Quickstart Templates

The following Azure Quickstart templates deploy this resource type.

Template	Description
Create PgFlex server & enable protection via Backup Vault	Template that creates a PostgreSQL Flexible Server and enables protection via Backup Vault
Deploy Azure Database for PostgreSQL (flexible) with AAD	This template provides a way to deploy a Flexible server Azure database for PostgreSQL with AAD integration.
Deploy Azure Database for PostgreSQL (flexible) with VNet	This template provides a way to deploy a Flexible server Azure database for PostgreSQL with VNet integration.
SonarQube on Web App with PostgreSQL and VNet integration	This template provides easy to deploy SonarQube to Web App on Linux with PostgreSQL Flexible Server, VNet integration and private DNS.

Terraform (AzAPI provider) resource definition

The flexibleServers resource type can be deployed with operations that target:

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.DBforPostgreSQL/flexibleServers resource, add the following Terraform to your template.

resource "azapi_resource" "symbolicname" {
  type = "Microsoft.DBforPostgreSQL/flexibleServers@2025-08-01"
  name = "string"
  parent_id = "string"
  identity {
    type = "string"
    identity_ids = [
      "string"
    ]
  }
  location = "string"
  tags = {
    {customized property} = "string"
  }
  body = {
    properties = {
      administratorLogin = "string"
      administratorLoginPassword = "string"
      authConfig = {
        activeDirectoryAuth = "string"
        passwordAuth = "string"
        tenantId = "string"
      }
      availabilityZone = "string"
      backup = {
        backupRetentionDays = int
        geoRedundantBackup = "string"
      }
      cluster = {
        clusterSize = int
        defaultDatabaseName = "string"
      }
      createMode = "string"
      dataEncryption = {
        geoBackupKeyURI = "string"
        geoBackupUserAssignedIdentityId = "string"
        primaryKeyURI = "string"
        primaryUserAssignedIdentityId = "string"
        type = "string"
      }
      highAvailability = {
        mode = "string"
        standbyAvailabilityZone = "string"
      }
      maintenanceWindow = {
        customWindow = "string"
        dayOfWeek = int
        startHour = int
        startMinute = int
      }
      network = {
        delegatedSubnetResourceId = "string"
        privateDnsZoneArmResourceId = "string"
        publicNetworkAccess = "string"
      }
      pointInTimeUTC = "string"
      replica = {
        promoteMode = "string"
        promoteOption = "string"
        role = "string"
      }
      replicationRole = "string"
      sourceServerResourceId = "string"
      storage = {
        autoGrow = "string"
        iops = int
        storageSizeGB = int
        throughput = int
        tier = "string"
        type = "string"
      }
      version = "string"
    }
    sku = {
      name = "string"
      tier = "string"
    }
  }
}

Property Values

Microsoft.DBforPostgreSQL/flexibleServers

Name	Description	Value
identity	User assigned managed identities assigned to the server.	UserAssignedIdentity
location	The geo-location where the resource lives	string (required)
name	The resource name	string Constraints: Min length = 3 Max length = 63 Pattern = `^[a-zA-Z0-9]+(-[a-zA-Z0-9]+)*` (required)
parent_id	The ID of the resource to apply this extension resource to.	string (required)
properties	Properties of a server.	ServerProperties
sku	Compute tier and size of a server.	Sku
tags	Resource tags	Dictionary of tag names and values.
type	The resource type	"Microsoft.DBforPostgreSQL/flexibleServers@2025-08-01"

AuthConfig

Name	Description	Value
activeDirectoryAuth	Indicates if the server supports Microsoft Entra authentication.	'Disabled' 'Enabled'
passwordAuth	Indicates if the server supports password based authentication.	'Disabled' 'Enabled'
tenantId	Identifier of the tenant of the delegated resource.	string

Backup

Name	Description	Value
backupRetentionDays	Backup retention days for the server.	int
geoRedundantBackup	Indicates if the server is configured to create geographically redundant backups.	'Disabled' 'Enabled'

Cluster

Name	Description	Value
clusterSize	Number of nodes assigned to the elastic cluster.	int
defaultDatabaseName	Default database name for the elastic cluster.	string

DataEncryption

Name	Description	Value
geoBackupKeyURI	Identifier of the user assigned managed identity used to access the key in Azure Key Vault for data encryption of the geographically redundant storage associated to a server that is configured to support geographically redundant backups.	string
geoBackupUserAssignedIdentityId	Identifier of the user assigned managed identity used to access the key in Azure Key Vault for data encryption of the geographically redundant storage associated to a server that is configured to support geographically redundant backups.	string
primaryKeyURI	URI of the key in Azure Key Vault used for data encryption of the primary storage associated to a server.	string
primaryUserAssignedIdentityId	Identifier of the user assigned managed identity used to access the key in Azure Key Vault for data encryption of the primary storage associated to a server.	string
type	Data encryption type used by a server.	'AzureKeyVault' 'SystemManaged'

HighAvailability

Name	Description	Value
mode	High availability mode for a server.	'SameZone' 'ZoneRedundant'
standbyAvailabilityZone	Availability zone associated to the standby server created when high availability is set to SameZone or ZoneRedundant.	string

MaintenanceWindow

Name	Description	Value
customWindow	Indicates whether custom window is enabled or disabled.	string
dayOfWeek	Day of the week to be used for maintenance window.	int
startHour	Start hour to be used for maintenance window.	int
startMinute	Start minute to be used for maintenance window.	int

Network

Name	Description	Value
delegatedSubnetResourceId	Resource identifier of the delegated subnet. Required during creation of a new server, in case you want the server to be integrated into your own virtual network. For an update operation, you only have to provide this property if you want to change the value assigned for the private DNS zone.	string
privateDnsZoneArmResourceId	Identifier of the private DNS zone. Required during creation of a new server, in case you want the server to be integrated into your own virtual network. For an update operation, you only have to provide this property if you want to change the value assigned for the private DNS zone.	string
publicNetworkAccess	Indicates if public network access is enabled or not. This is only supported for servers that are not integrated into a virtual network which is owned and provided by customer when server is deployed.	'Disabled' 'Enabled'

Replica

Name	Description	Value
promoteMode	Type of operation to apply on the read replica. This property is write only. Standalone means that the read replica will be promoted to a standalone server, and will become a completely independent entity from the replication set. Switchover means that the read replica will roles with the primary server.	'Standalone' 'Switchover'
promoteOption	Data synchronization option to use when processing the operation specified in the promoteMode property. This property is write only.	'Forced' 'Planned'
role	Role of the server in a replication set.	'AsyncReplica' 'GeoAsyncReplica' 'None' 'Primary'

ServerProperties

Name	Description	Value
administratorLogin	Name of the login designated as the first password based administrator assigned to your instance of PostgreSQL. Must be specified the first time that you enable password based authentication on a server. Once set to a given value, it cannot be changed for the rest of the life of a server. If you disable password based authentication on a server which had it enabled, this password based role isn't deleted.	string
administratorLoginPassword	Password assigned to the administrator login. As long as password authentication is enabled, this password can be changed at any time.	string Constraints: Sensitive value. Pass in as a secure parameter.
authConfig	Authentication configuration properties of a server.	AuthConfig
availabilityZone	Availability zone of a server.	string
backup	Backup properties of a server.	Backup
cluster	Cluster properties of a server.	Cluster
createMode	Creation mode of a new server.	'Create' 'Default' 'GeoRestore' 'PointInTimeRestore' 'Replica' 'ReviveDropped' 'Update'
dataEncryption	Data encryption properties of a server.	DataEncryption
highAvailability	High availability properties of a server.	HighAvailability
maintenanceWindow	Maintenance window properties of a server.	MaintenanceWindow
network	Network properties of a server. Only required if you want your server to be integrated into a virtual network provided by customer.	Network
pointInTimeUTC	Creation time (in ISO8601 format) of the backup which you want to restore in the new server. It's required when 'createMode' is 'PointInTimeRestore', 'GeoRestore', or 'ReviveDropped'.	string
replica	Read replica properties of a server. Required only in case that you want to promote a server.	Replica
replicationRole	Role of the server in a replication set.	'AsyncReplica' 'GeoAsyncReplica' 'None' 'Primary'
sourceServerResourceId	Identifier of the server to be used as the source of the new server. Required when 'createMode' is 'PointInTimeRestore', 'GeoRestore', 'Replica', or 'ReviveDropped'. This property is returned only when the target server is a read replica.	string
storage	Storage properties of a server.	Storage
version	Major version of PostgreSQL database engine.	'11' '12' '13' '14' '15' '16' '17' '18'

Sku

Name	Description	Value
name	Name by which is known a given compute size assigned to a server.	string (required)
tier	Tier of the compute assigned to a server.	'Burstable' 'GeneralPurpose' 'MemoryOptimized' (required)

Storage

Name	Description	Value
autoGrow	Flag to enable or disable the automatic growth of storage size of a server when available space is nearing zero and conditions allow for automatically growing storage size.	'Disabled' 'Enabled'
iops	Maximum IOPS supported for storage. Required when type of storage is PremiumV2_LRS or UltraSSD_LRS.	int
storageSizeGB	Size of storage assigned to a server.	int
throughput	Maximum throughput supported for storage. Required when type of storage is PremiumV2_LRS or UltraSSD_LRS.	int
tier	Storage tier of a server.	'P1' 'P10' 'P15' 'P2' 'P20' 'P3' 'P30' 'P4' 'P40' 'P50' 'P6' 'P60' 'P70' 'P80'
type	Type of storage assigned to a server. Allowed values are Premium_LRS, PremiumV2_LRS, or UltraSSD_LRS. If not specified, it defaults to Premium_LRS.	'PremiumV2_LRS' 'Premium_LRS' 'UltraSSD_LRS'

TrackedResourceTags

Name	Description	Value

UserAssignedIdentity

Name	Description	Value
principalId	Identifier of the object of the service principal associated to the user assigned managed identity.	string
type	Types of identities associated with a server.	'None' 'SystemAssigned' 'SystemAssigned,UserAssigned' 'UserAssigned' (required)
userAssignedIdentities	Map of user assigned managed identities.	UserAssignedIdentityMap

UserAssignedIdentityMap

Name	Description	Value

UserIdentity

Name	Description	Value
clientId	Identifier of the client of the service principal associated to the user assigned managed identity.	string
principalId	Identifier of the object of the service principal associated to the user assigned managed identity.	string

Usage Examples

Terraform Samples

A basic example of deploying PostgreSQL Flexible Server.

terraform {
  required_providers {
    azapi = {
      source = "Azure/azapi"
    }
    azurerm = {
      source = "hashicorp/azurerm"
    }
  }
}

provider "azurerm" {
  features {
  }
}

provider "azapi" {
  skip_provider_registration = false
}

variable "resource_name" {
  type    = string
  default = "acctest0001"
}

variable "location" {
  type    = string
  default = "eastus"
}

variable "administrator_login" {
  type        = string
  description = "The administrator login name for the PostgreSQL flexible server"
}

variable "administrator_login_password" {
  type        = string
  description = "The administrator login password for the PostgreSQL flexible server"
  sensitive   = true
}

resource "azapi_resource" "resourceGroup" {
  type     = "Microsoft.Resources/resourceGroups@2020-06-01"
  name     = var.resource_name
  location = var.location
}

resource "azapi_resource" "flexibleServer" {
  type      = "Microsoft.DBforPostgreSQL/flexibleServers@2023-06-01-preview"
  parent_id = azapi_resource.resourceGroup.id
  name      = var.resource_name
  location  = var.location
  body = {
    identity = {
      type                   = "None",
      userAssignedIdentities = null
    },
    properties = {
      administratorLogin         = var.administrator_login
      administratorLoginPassword = var.administrator_login_password
      availabilityZone           = "2"
      backup = {
        geoRedundantBackup = "Disabled"
      }
      highAvailability = {
        mode = "Disabled"
      }
      network = {
      }
      storage = {
        storageSizeGB = 32
      }
      version = "12"
    }
    sku = {
      name = "Standard_D2s_v3"
      tier = "GeneralPurpose"
    }
  }
  schema_validation_enabled = false
  response_export_values    = ["*"]
}

Azure Verified Modules

The following Azure Verified Modules can be used to deploy this resource type.

Module	Description
DB for Postgre SQL Flexible Server	AVM Resource Module for DB for Postgre SQL Flexible Server

Feedback

Was this page helpful?

Last updated on 2025-08-06

Share via

Microsoft.DBforPostgreSQL flexibleServers

Bicep resource definition

Resource format

Property Values

Microsoft.DBforPostgreSQL/flexibleServers

AuthConfig

Backup

Cluster

DataEncryption

HighAvailability

MaintenanceWindow

Network

Replica

ServerProperties

Sku

Storage

TrackedResourceTags

UserAssignedIdentity

UserAssignedIdentityMap

UserIdentity

Usage Examples

Azure Verified Modules

Azure Quickstart Samples

ARM template resource definition

Resource format

Property Values

Microsoft.DBforPostgreSQL/flexibleServers

AuthConfig

Backup

Cluster

DataEncryption

HighAvailability

MaintenanceWindow

Network

Replica

ServerProperties

Sku

Storage

TrackedResourceTags

UserAssignedIdentity

UserAssignedIdentityMap

UserIdentity

Usage Examples

Azure Quickstart Templates

Terraform (AzAPI provider) resource definition

Resource format

Property Values

Microsoft.DBforPostgreSQL/flexibleServers

AuthConfig

Backup

Cluster

DataEncryption

HighAvailability

MaintenanceWindow

Network

Replica

ServerProperties

Sku

Storage

TrackedResourceTags

UserAssignedIdentity

UserAssignedIdentityMap

UserIdentity

Usage Examples

Terraform Samples

Azure Verified Modules

Feedback

Additional resources