Logo of Trend Micro
Use the Knowledge Base AI to help improve your Cloud Posture

Enable High Availability for PostgreSQL Clusters

Trend Vision One™ provides continuous assurance that gives peace of mind for your cloud infrastructure, delivering over 1100 automated best practice checks.

Risk Level: Medium (should be achieved)

Ensure that your Microsoft Azure Cosmos DB for PostgreSQL clusters are configured for high availability (HA) in order to improve availability and resiliency of your applications.

Reliability

Configuring Azure Cosmos DB for PostgreSQL clusters for high availability (HA) is essential for ensuring continuous operation and minimizing downtime for your applications. It achieves this by maintaining standby replicas of each node, enabling automatic failover in case of a primary node failure, and guaranteeing data consistency with zero data loss. This setup helps meet demanding SLAs for mission-critical applications.

Audit

To determine if your Azure Cosmos DB for PostgreSQL clusters are configured for high availability, perform the following operations:

Using Azure Portal

01 Sign in to the Microsoft Azure Portal.

02 Navigate to All resources blade available at https://portal.azure.com/#browse/all to access all your Microsoft Azure cloud resources.

03 Choose the Azure subscription that you want to access from the Subscription equalls all filter box and choose Apply.

04 From the Type equals all filter box, select Type for Filter, Equals for Operator, and Azure Cosmos DB for PostgreSQL Cluster for Value, then choose Apply to list the Azure Cosmos DB accounts available in the selected subscription.

05 Click on the name (link) of the Azure Cosmos DB for PostgreSQL cluster that you want to examine.

06 In the resource navigation panel, choose Overview to access the general configuration information available for the selected Cosmos DB cluster.

07 In the Essentials section, check the High availability attribute value to determine if high availability (HA) is enabled for the selected database cluster. If High availability is set to No, the selected Azure Cosmos DB for PostgreSQL cluster is not configured for high availability (HA). Therefore, there is no failover support available for the cluster in case of an outage.

08 Repeat steps no. 5 – 7 for each Azure Cosmos DB for PostgreSQL cluster available in the selected subscription.

09 Repeat steps no. 3 – 8 for each Azure subscription created within your Microsoft Azure cloud account.

Using Azure CLI

01 Run account list command (Windows/macOS/Linux) with custom output filters to list the IDs of the cloud subscriptions available in your Azure cloud account: 

az account list
	--query '[*].id'

02 The command output should return the requested subscription identifiers (IDs): 

[
	"abcdabcd-1234-abcd-1234-abcdabcdabcd",
	"abcd1234-abcd-1234-abcd-abcd1234abcd"
]

03 Run account set command (Windows/macOS/Linux) with the ID of the Azure cloud subscription that you want to examine as the identifier parameter to set the selected subscription to be the current active subscription (the command does not produce an output): 

az account set
	--subscription abcdabcd-1234-abcd-1234-abcdabcdabcd

04 Run cosmosdb postgres cluster list command (Windows/macOS/Linux) with custom query filters to list the name and the associated resource group for each Azure Cosmos DB for PostgreSQL cluster available in the selected subscription: 

az cosmosdb postgres cluster list
	--output table
	--query '[*].{name:name, resourceGroup:resourceGroup}'

05 The command output should return the requested database cluster identifiers: 

Name                          ResourceGroup
---------------------------   ------------------------------
cc-project5-cosmos-database   cloud-shell-storage-westeurope
cc-cosmos-mongodb-account     cloud-shell-storage-westeurope

06 Run cosmosdb postgres cluster show command (Windows/macOS/Linux) with the name of the Azure Cosmos DB for PostgreSQL cluster that you want to examine as the identifier parameter and custom output filters to determine if high availability (HA) is enabled for the selected database cluster: 

az cosmosdb postgres cluster show
	--cluster-name cc-project5-cosmos-database
	--resource-group cloud-shell-storage-westeurope
	--query 'enableHa'

07 The command output should return the High Availability (HA) feature status: 

false

If the cosmosdb postgres cluster show command output returns false, as shown in the example above, the selected Azure Cosmos DB for PostgreSQL cluster is not configured for high availability (HA). Therefore, there is no failover support available for the cluster in case of an outage.

08 Repeat steps no. 5 – 7 for each Azure Cosmos DB for PostgreSQL cluster available within the selected subscription.

09 Repeat steps no. 3 – 8 for each Azure subscription created in your Microsoft Azure cloud account.

Remediation / Resolution

To enable and configure high availability (HA) for your Azure Cosmos DB for PostgreSQL clusters, perform the following operations:

Using Azure Portal

01 Sign in to the Microsoft Azure Portal.

02 Navigate to All resources blade available at https://portal.azure.com/#browse/all to access all your Microsoft Azure cloud resources.

03 Choose the Azure subscription that you want to access from the Subscription equalls all filter box and choose Apply.

04 From the Type equals all filter box, select Type for Filter, Equals for Operator, and Azure Cosmos DB for PostgreSQL Cluster for Value, then choose Apply to list the Azure Cosmos DB accounts available in the selected subscription.

05 Click on the name (link) of the Azure Cosmos DB for PostgreSQL cluster that you want to configure.

06 In the resource navigation panel, choose High availability to access the HA feature configuration settings available for the selected Cosmos DB cluster.

07 In the High availability (HA) section, check the Enable high availability (HA) setting checkbox, and choose Save to apply the changes. This will enable high availability for the selected Azure Cosmos DB for PostgreSQL cluster.

08 Repeat steps no. 5 – 7 for each Azure Cosmos DB for PostgreSQL cluster that you want to configure, available in the selected subscription.

09 Repeat steps no. 3 – 8 for each Azure subscription created within your Microsoft Azure cloud account.

Using Azure CLI

01 Run account list command (Windows/macOS/Linux) with custom output filters to list the IDs of the cloud subscriptions available in your Azure cloud account: 

az account list
	--query '[*].id'

02 The command output should return the requested subscription identifiers (IDs): 

[
	"abcdabcd-1234-abcd-1234-abcdabcdabcd",
	"abcd1234-abcd-1234-abcd-abcd1234abcd"
]

03 Run account set command (Windows/macOS/Linux) with the ID of the Azure cloud subscription that you want to examine as the identifier parameter to set the selected subscription to be the current active subscription (the command does not produce an output): 

az account set
	--subscription abcdabcd-1234-abcd-1234-abcdabcdabcd

04 Run cosmosdb postgres cluster update command (Windows/macOS/Linux) to enable the High Availability (HA) feature for the selected Azure Cosmos DB for PostgreSQL cluster: 

az cosmosdb postgres cluster update
	--cluster-name cc-project5-cosmos-database
	--resource-group cloud-shell-storage-westeurope
	--enable-ha true

05 The command output should return the configuration information available for the modified resource: 

{
	"administratorLogin": "citus",
	"citusVersion": "12.1",
	"coordinatorEnablePublicIpAccess": true,
	"coordinatorServerEdition": "GeneralPurpose",
	"coordinatorStorageQuotaInMb": 131072,
	"coordinatorVCores": 2,
	"enableHa": true,
	"enableShardsOnCoordinator": true,
	"location": "westeurope",
	"name": "cc-project5-cosmos-database",
	"nodeCount": 0,
	"nodeEnablePublicIpAccess": false,
	"nodeServerEdition": "MemoryOptimized",
	"nodeStorageQuotaInMb": 524288,
	"nodeVCores": 4,
	"postgresqlVersion": "16",
	"privateEndpointConnections": [],
	"provisioningState": "InProgress",
	"readReplicas": [],
	"resourceGroup": "cloud-shell-storage-westeurope",
	"state": "Ready",
	"tags": {},
	"type": "Microsoft.DBforPostgreSQL/serverGroupsv2"
}

06 Repeat steps no. 4 and 5 for each Azure Cosmos DB for PostgreSQL cluster that you want to configure, available within the selected subscription.

07 Repeat steps no. 3 – 6 for each Azure subscription created within your Microsoft Azure cloud account.

References

Publication date May 28, 2025

Related CosmosDB rules