Connect your Cloud

Start mapping your clouds.

Overview

To create a collection and start deploying, you need to associate it with your cloud account by providing it a delegated role with the permissions needed to provision and manage resources. Alternatively, you can deploy the Bluebricks orchestrator in a self-hosted service through an equivalent trusted identity.

Each cloud connection you set up can be reused across multiple collections. This allows you to create different collections (e.g., dev, staging, and production) on top of the same underlying cloud account. Reusing a connection keeps credential management simple while still giving you the flexibility to separate workloads, enforce access rules, and apply governance controls per collection. It’s especially useful when teams share a cloud account but need isolated spaces for their own environments.

Collection permissions

Bluebricks separates cloud account permissions into two distinct roles:

  • Orchestration permissions allow Bluebricks to create, modify, and destroy infrastructure in the connected cloud account. This is the standard permission set for deploying blueprints.

  • Discovery permissions allow Bluebricks to read and inventory resources in the connected cloud account. This is a read-only permission set used for cloud discovery.

A collection can have one or both permission types, depending on what you need:

Permission combination | What you can do
Orchestration only | Deploy and manage blueprints. No resource discovery or import
Discovery only | Inventory and explore cloud resources. No deployments
Orchestration + Discovery | Full visibility plus deployment capabilities. Required for the cloud import agent

Both permission types are set at the cloud account level and apply to all collections that use that account.

Connect to Amazon Web Services (AWS)

Connect an AWS Account to a Bluebricks Collection:

  1. Click "Connect Cloud" on the collection you want to link to AWS

  2. Select AWS as the Cloud Provider

  3. Choose an existing Account Number or click "New Account"

  4. If creating a New Account, enter the Role ARN ID and CloudFormation Stack ID.

  5. Click "Connect & Create" to complete the setup. 🚀

Connect to Google Cloud Provider (GCP)

Connect a Google Cloud Project to a Bluebricks collection:

  1. Click "Connect Cloud" on the collection you want to link to GCP

  2. Select GCP as the Cloud Provider

  3. Choose an existing Project ID or click "New Project"

  4. If creating a New Project, enter the Google Cloud Project ID.

  5. Click "Connect & Create" to complete the setup. 🚀

Connect to Azure Cloud Computing Services using OIDC

Connect an Azure Subscription to a Bluebricks collection:

  1. Click "Connect Cloud" on the collection you want to link to Azure

  2. Select Azure as the Cloud Provider

  3. Choose an existing Subscription ID or click "New Subscription ID"

  4. If creating a New Subscription ID, enter the Application (client) ID, Directory (tenant) ID and Subscription ID.

  5. Click "Connect & Create" to complete the setup. 🚀

Connect to Self-Hosted Runner

Connect a self-hosted orchestrator to allow Bluebricks to connect to your cluster in a secure, controlled way without sharing long-lived credentials. See here for how to set up a self-hosted runner.
