Servers - Azure Database for PostgreSQL - Flexible Server

APPLIES TO: Azure Database for PostgreSQL - Flexible Server

This article provides considerations and guidelines for working with Azure Database for PostgreSQL flexible server.

What is an Azure Database for PostgreSQL server?

A server in the Azure Database for PostgreSQL flexible server deployment option is a central administrative point for multiple databases. It is the same PostgreSQL server construct that you may be familiar with in the on-premises world. Specifically, Azure Database for PostgreSQL flexible server is managed, provides performance guarantees, exposes access and features at the server-level.

An Azure Database for PostgreSQL flexible server instance:

  • Is created within an Azure subscription.
  • Is the parent resource for databases.
  • Provides a namespace for databases.
  • Is a container with strong lifetime semantics - delete a server and it deletes the contained databases.
  • Collocates resources in a region.
  • Provides a connection endpoint for server and database access.
  • Provides the scope for management policies that apply to its databases: login, firewall, users, roles, configurations, etc.
  • Is available in multiple versions. For more information, see supported PostgreSQL database versions.
  • Is extensible by users. For more information, see PostgreSQL extensions.

Within an Azure Database for PostgreSQL flexible server instance, you can create one or multiple databases. You can opt to create a single database per server to utilize all the resources, or create multiple databases to share the resources. The pricing is structured per-server, based on the configuration of pricing tier, vCores, and storage (GB). For more information, see Compute and Storage options.

How do I connect and authenticate to the database server?

The following elements help ensure safe access to your database:

Security concept Description
Authentication and authorization Azure Database for PostgreSQL flexible server supports native PostgreSQL authentication. You can connect and authenticate to server with the server's admin login.
Protocol The service supports a message-based protocol used by PostgreSQL.
TCP/IP The protocol is supported over TCP/IP, and over Unix-domain sockets.
Firewall To help protect your data, a firewall rule prevents all access to your server and to its databases, until you specify which computers have permission. See Azure Database for PostgreSQL flexible server firewall rules.

Managing your server

You can manage Azure Database for PostgreSQL flexible server instances by using the Azure portal or the Azure CLI.

While creating a server, you set up the credentials for your admin user. The admin user is the highest privilege user you have on the server. It belongs to the role azure_pg_admin. This role does not have full superuser permissions.

The PostgreSQL superuser attribute is assigned to the azure_superuser, which belongs to the managed service. You do not have access to this role.

An Azure Database for PostgreSQL flexible server instance has default databases:

  • postgres - A default database you can connect to once your server is created.
  • azure_maintenance - This database is used to separate the processes that provide the managed service from user actions. You do not have access to this database.

Server parameters

The Azure Database for PostgreSQL flexible server parameters determine the configuration of the server. In Azure Database for PostgreSQL flexible server, the list of parameters can be viewed and edited using the Azure portal or the Azure CLI.

As a managed service for Postgres, the configurable parameters in Azure Database for PostgreSQL are a subset of the parameters in a local Postgres instance. (For more information on Postgres parameters, see the PostgreSQL documentation). Your Azure Database for PostgreSQL flexible server instance is enabled with default values for each parameter on creation. Some parameters that would require a server restart or superuser access for changes to take effect can't be configured by the user.

Next steps