Discovery

Gain full visibility into your cloud infrastructure

Discovery gives you a continuously updated, read-only inventory of every resource running in your connected cloud accounts. Instead of relying on manual audits or switching between cloud consoles, you see what actually exists in your infrastructure directly in a single, unified view across accounts and providers.

What discovery provides

Discovery answers a question that grows harder as infrastructure scales: what is actually running in my cloud?

When you connect a cloud account with discovery permissions, Bluebricks maintains a tenant-isolated runtime that continuously queries your cloud provider APIs. The result is a real-time inventory that covers:

  • All cloud resources in the connected account, not just those managed by Bluebricks

  • Resource metadata including type, region, tags, and provider-specific attributes

  • Managed vs. unmanaged classification so you can see which resources are already governed by a blueprint and which exist outside of Bluebricks

  • Cross-account visibility across AWS, GCP, and Azure from a single interface

This inventory feeds directly into the cloud graph, the cloud import agent, and drift detection.

How it works

Discovery runs as a background process tied to each cloud account connection that has discovery permissions enabled. The system:

  1. Provisions an isolated runtime per tenant to query cloud provider APIs without affecting your workloads

  2. Scans resources continuously to keep the inventory current as your infrastructure changes

  3. Classifies resources by comparing discovered resources against the state tracked by your Bluebricks environments

  4. Surfaces results in the cloud graph and the discovery API endpoints

Discovery is read-only. It never creates, modifies, or deletes resources in your cloud account. The permissions it requires are limited to listing and describing resources.
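To check that the role you grant for discovery really is limited to listing and describing, the following added example (not Bluebricks code) audits an AWS IAM policy document and reports every Allow grant that is broader than that. The sample policy and its statement names are constructed, and treating only `List*` and `Describe*` verbs as acceptable is this example's assumption about what "listing and describing" means on AWS.

```python
import json
import re

# Assumption of this example: on AWS, "listing and describing" means List*/Describe* verbs.
ALLOWED_VERB_PREFIXES = ("list", "describe")

def _as_list(value):
    """IAM allows Action/NotAction to be a single string or a list."""
    if value is None:
        return []
    return [value] if isinstance(value, str) else list(value)

def is_list_or_describe(action):
    """True only if every action the pattern can match starts with an allowed verb."""
    _service, sep, verb = action.lower().partition(":")   # action names are case-insensitive
    if not sep:
        return False                                      # bare "*" or malformed entry
    literal = re.split(r"[*?]", verb, maxsplit=1)[0]      # text before the first wildcard
    return literal.startswith(ALLOWED_VERB_PREFIXES)

def audit_discovery_policy(policy_json):
    """Return (sid, grant) pairs for Allow grants broader than list/describe."""
    statements = json.loads(policy_json).get("Statement", [])
    if isinstance(statements, dict):                      # a lone statement may be an object
        statements = [statements]
    findings = []
    for idx, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow":
            continue                                      # Deny statements cannot grant access
        sid = stmt.get("Sid", f"statement[{idx}]")
        for action in _as_list(stmt.get("Action")):
            if not is_list_or_describe(action):
                findings.append((sid, action))
        if "NotAction" in stmt:                           # Allow + NotAction = everything else
            findings.append((sid, "NotAction"))
    return findings

# Constructed sample policy; not taken from Bluebricks documentation.
SAMPLE_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Sid": "Inventory", "Effect": "Allow", "Resource": "*",
     "Action": ["ec2:Describe*", "s3:ListAllMyBuckets", "rds:DescribeDBInstances"]},
    {"Sid": "TooBroad", "Effect": "Allow", "Resource": "*",
     "Action": ["s3:GetObject", "ec2:D*", "iam:*"]},
    {"Sid": "Inverted", "Effect": "Allow", "Resource": "*", "NotAction": "iam:DeleteUser"},
    {"Sid": "Guard", "Effect": "Deny", "Resource": "*", "Action": "ec2:TerminateInstances"},
]})

if __name__ == "__main__":
    for sid, grant in audit_discovery_policy(SAMPLE_POLICY):
        print(f"{sid}: {grant} is broader than list/describe")
```

`Get*` actions are flagged on purpose: some of them return stored data rather than resource metadata, so they deserve a manual look before being accepted in a discovery role.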

Discovery runtimes refresh their provider connections dynamically, so changes to cloud credentials or account configurations are picked up without manual intervention.

The cloud graph

The cloud graph is the visual interface where discovery results appear. It renders your infrastructure as an interactive, left-to-right graph showing the relationships between collections, environments, packages, and individual cloud resources.

Within the cloud graph, you can:

  • Browse all discovered resources across your connected cloud accounts

  • Filter resources by type, region, or managed status

  • Inspect resource details, including raw JSON properties

  • Compare the current cloud state against your declared IaC configuration with side-by-side diffs

  • Select unmanaged resources and codify them

Collections that have both orchestration and discovery permissions show both icons in the graph, making it easy to identify which collections support the full discovery-to-import workflow.

From discovery to codification

Discovery on its own provides visibility. The cloud import agent takes it a step further by turning discovered, unmanaged resources into fully managed Bluebricks environments.

After import, the resources appear as managed nodes in the cloud graph. From that point on, they follow the same lifecycle as any other Bluebricks environment: versioned blueprints, policy enforcement, drift detection, and repeatable deployments.

Discovery and drift detection

Discovery and drift detection are complementary features that address different sides of the same problem: keeping your declared infrastructure aligned with reality.

| Feature | What it answers | Scope |
| --- | --- | --- |
| Discovery | "What exists in my cloud?" | All resources in the connected account, managed and unmanaged |
| Drift detection | "Does my managed infrastructure match the code?" | Only resources managed by a specific environment |

Discovery gives you the broad picture: the full inventory of your cloud, including resources that Bluebricks does not manage. Drift detection gives you the deep picture: whether the resources that are managed still match their declared configuration.

Together, they form a continuous feedback loop:

  1. Discovery reveals unmanaged resources that should be codified

  2. The cloud import agent brings those resources under IaC control

  3. Drift detection monitors the newly managed resources for configuration changes

  4. If drift is detected, you can review the diff or enable auto-remediation to correct it automatically

Use cases

  • Onboarding existing infrastructure: Discover and import manually provisioned cloud resources into managed blueprints using an agent-assisted workflow instead of writing Terraform from scratch.

  • Multi-cloud visibility: Connect AWS, GCP, and Azure accounts to view all resources in one unified cloud graph.

  • Compliance and audit: Identify unmanaged production resources to ensure everything is governed by IaC.

  • Shadow IT detection: Surface out-of-process resources so teams can import them into blueprints or clean them up.

  • Pre-migration assessment: Build a complete inventory with dependencies to plan account or region migrations.
