Connect your Cloud
Connect your cloud accounts so Bluebricks can discover your resources and build the context layer that powers the agent.
Overview
Connecting a cloud account is the first step to using Bluebricks. Once connected, Bluebricks ingests your cloud resources into the context layer, giving the agent visibility into what is running across your accounts and regions.
A cloud provider represents a top-level boundary for cloud resources (such as an AWS account or GCP project). You connect it by granting Bluebricks a delegated role with the permissions needed to read, and optionally manage, your resources.


Supported cloud providers
Kubernetes visibility
Managed Kubernetes clusters (EKS, GKE, AKS) use your existing cloud connections with discovery enabled, not a separate provider in the app. See Kubernetes Integration for prerequisites, network access, and how live workload indexing works.
Permissions
Bluebricks separates cloud provider permissions into two roles:
Discovery permissions allow Bluebricks to read and inventory resources. This is a read-only permission set that powers the context layer and the agent.
Orchestration permissions allow Bluebricks to create, modify, and destroy infrastructure. This is required for deploying blueprints through the orchestration platform.
A cloud provider can have one or both permission types, depending on what you need:
Discovery only: Inventory and explore cloud resources via the agent. No deployments.
Orchestration only: Deploy and manage blueprints. No resource discovery or import.
Discovery + Orchestration: Full visibility plus deployment capabilities. Required for codifying infrastructure.
Both permission types are set at the cloud provider level and apply to all collections that use that account. Separate permission types are currently only available for AWS.
Orchestration: collections
When using the orchestration platform, each cloud provider is linked to one or more collections. A single cloud provider can be shared across multiple collections (for example, staging and production) to support isolated workflows while reusing the same cloud setup. For more on collections, see Collections.
Self-hosted runner
Connect a self-hosted orchestrator to allow Bluebricks to connect to your cluster in a secure, controlled way without sharing long-lived credentials. See how to set up a self-hosted runner.

