Connect your Cloud

Start mapping your clouds

Overview

To create a collection and start deploying, you need to associate it with your cloud account by granting Bluebricks a delegated role with the permissions required to provision and manage resources. Alternatively, you can deploy the Bluebricks orchestrator as a self-hosted service that authenticates through an equivalent trusted identity.

A cloud account represents a top-level boundary for cloud resources (such as an AWS account or GCP project) and serves as the foundation for managing infrastructure in Bluebricks. Each collection connects to a cloud provider, and a single account can be linked to multiple collections, such as staging and production, to support isolated workflows while reusing the same cloud setup. This separation offers flexibility while staying aligned with your cloud provider’s structure.

Collection permissions

Bluebricks separates cloud account permissions into two distinct roles:

  • Orchestration permissions allow Bluebricks to create, modify, and destroy infrastructure in the connected cloud account. This is the standard permission set for deploying blueprints.

  • Discovery permissions allow Bluebricks to read and inventory resources in the connected cloud account. This is a read-only permission set used for cloud discovery.

A collection can have one or both permission types, depending on what you need:

Permission combination → What you can do

  • Orchestration only: Deploy and manage blueprints. No resource discovery or import.

  • Discovery only: Inventory and explore cloud resources. No deployments.

  • Orchestration + Discovery: Full visibility plus deployment capabilities. Required for the cloud import agent.


Both permission types are set at the cloud account level and apply to all collections that use that account. Collection permissions are currently only available for AWS accounts.
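Because the discovery role is meant to be strictly read-only while the orchestration role may create, modify and destroy resources, it is worth verifying that a policy attached to the discovery role has not quietly picked up mutating actions. The following is an added example, not Bluebricks tooling: a heuristic linter that walks an IAM policy document (a constructed sample is embedded) and reports every allowed action whose verb does not look read-only. The read-only verb list is an assumption based on common AWS naming, not an authoritative classification.

```python
"""Heuristic check that a discovery (read-only) IAM policy grants no mutating actions."""
import json

# Verb prefixes AWS conventionally uses for read-only API calls.
# Assumption: this list is a heuristic, not an authoritative AWS classification.
READ_ONLY_VERBS = ("Describe", "List", "Get", "BatchGet", "Lookup", "Search", "Query", "Scan")


def _actions(statement: dict) -> list[str]:
    """Normalise the Action element, which may be a string or a list."""
    action = statement.get("Action", [])
    return [action] if isinstance(action, str) else list(action)


def is_read_only_action(action: str) -> bool:
    """Return True if an action like 'ec2:DescribeInstances' looks read-only."""
    service, _, verb = action.partition(":")
    # Bare '*', 'service:*' or malformed entries can never be proven read-only.
    if not verb or verb == "*" or service == "*":
        return False
    # 'ec2:Describe*' is acceptable only if the literal prefix is a read-only verb.
    return verb.rstrip("*").startswith(READ_ONLY_VERBS)


def find_mutating_actions(policy: dict) -> list[str]:
    """Collect every Allow action in the policy that is not recognisably read-only."""
    offenders = set()
    for stmt in policy.get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue
        offenders.update(a for a in _actions(stmt) if not is_read_only_action(a))
    return sorted(offenders)


# Constructed sample: a discovery policy that accidentally includes mutating permissions.
DISCOVERY_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow", "Action": ["ec2:Describe*", "s3:ListAllMyBuckets", "iam:GetRole"], "Resource": "*"},
    {"Effect": "Allow", "Action": ["ec2:TerminateInstances", "s3:*"], "Resource": "*"},
    {"Effect": "Deny", "Action": "iam:CreateUser", "Resource": "*"}
  ]
}
""")

if __name__ == "__main__":
    for action in find_mutating_actions(DISCOVERY_POLICY):
        print(f"discovery policy grants non-read-only action: {action}")
```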

Cloud Account Types

Bluebricks supports three types of cloud connections:

Connect to Self-Hosted Runner

Connect a self-hosted orchestrator to allow Bluebricks to connect to your cluster in a secure, controlled way without sharing long-lived credentials. See how to set up a self-hosted runner.
