# Connect your Cloud

## Overview

Connecting a cloud account is the first step to using Bluebricks. Once connected, Bluebricks ingests your cloud resources into the context layer, giving the agent visibility into what is running across your accounts and regions.

A **cloud provider** represents a top-level boundary for cloud resources (such as an AWS account or GCP project). You connect it by granting Bluebricks a delegated role with the permissions needed to read, and optionally manage, your resources.


## Supported cloud providers

* [Amazon Web Services (AWS)](/docs/getting-started/connect-your-cloud/how-to-connect-aws.md)
* [Google Cloud Platform (GCP)](/docs/getting-started/connect-your-cloud/how-to-connect-gcp.md)
* [Microsoft Azure](/docs/getting-started/connect-your-cloud/how-to-connect-azure.md)

## Permissions

Bluebricks separates cloud provider permissions into two roles:

* **Discovery** permissions allow Bluebricks to read and inventory resources. This is a read-only permission set that powers the context layer and the agent
* **Orchestration** permissions allow Bluebricks to create, modify, and destroy infrastructure. This is required for deploying blueprints through the orchestration platform

A cloud provider can have one or both permission types, depending on what you need:

<table><thead><tr><th width="233.38671875">Permission combination</th><th>What you can do</th></tr></thead><tbody><tr><td>Discovery only</td><td>Inventory and explore cloud resources via the agent. No deployments</td></tr><tr><td>Orchestration only</td><td>Deploy and manage blueprints. No resource discovery or import</td></tr><tr><td>Discovery + Orchestration</td><td>Full visibility plus deployment capabilities. Required for <a href="/pages/x3iM4t1mLZSJhnumzB2R">codifying infrastructure</a></td></tr></tbody></table>

{% hint style="info" %}
Both permission types are set at the cloud provider level and apply to all collections that use that account. **Separate permission types are currently only available for AWS.**
{% endhint %}

## Orchestration: collections

When using the [orchestration platform](/docs/getting-started/building-blocks.md#orchestration), each cloud provider is linked to one or more [collections](/docs/orchestration/collections.md). A single cloud provider can be shared across multiple collections (for example, staging and production) to support isolated workflows while reusing the same cloud setup. For more on collections, see [Collections](/docs/orchestration/collections.md).

## Self-hosted runner

Connect a self-hosted orchestrator so that Bluebricks can reach your cluster in a secure, controlled way, without sharing long-lived credentials. See [how to set up a self-hosted runner](/docs/organization-and-security/bluebricks-self-hosted-runner/what-is-a-self-hosted-cloud.md).

