Connecting your cloud

BigAnimal access requirements

BigAnimal needs access to your cloud to perform maintenance. BigAnimal CLI commands used for connecting your cloud to BigAnimal set some of these permissions for you. For details on these and other permissions or policies required by BigAnimal, refer to the corresponding topic for your cloud provider.

BigAnimal also requires permissions to run Kubernetes cluster services for PostgreSQL workloads and the associated storage services. It requires a set of supporting permissions:

  • Services for monitoring and logging to produce service telemetry information

  • To set up networking so PostgreSQL workloads are reachable by customer applications and telemetry data is collected

  • To provision vaults for safe storage of data at rest encryption keys

  • To create workload identities and manage their permissions

  • A small set of supporting permissions to ensure access to the services above and availability of cloud account information

The scope of these permissions is limited to the associated cloud account.


In your cloud provider shell, make sure that your environment is running:

  • Bash shell version 4.0 or above.
  • BigAnimal CLI version 1.4 or later. For details, see Installing the CLI.

For additional cloud provider-specific requirements, see Setting up specific cloud providers.

Overview of connecting your cloud


If you're using Cloud Shell, add the ./ prefix to the biganimal command (./biganimal).

  1. Open your cloud provider shell in your browser.

  2. Create a BigAnimal CLI credential:

    biganimal create-credential --name <cred> --address --port 443
  3. To set up your cloud provider, run the setup-csp command :

    biganimal setup-csp 

    Don't delete the ba-passport.json file created in your working directory. It contains important identity and access management information used by connect-csp while connecting to your cloud.


    Your organization might require you to review the scripts that are invoked while setting up your cloud account. To generate the scripts invoked by setup-csp, execute the command without the --run option. You can then review and manually execute ba-csp-preflight and then ba-csp-setup from your working directory.

    The command checks for cloud account readiness and displays the results. Make any needed adjustments to your cloud configuration.

  4. If the cloud readiness checks pass, your cloud account is successfully set up. Connect your cloud account to BigAnimal:

    biganimal connect-csp --provider  <cloud-service-provider> --project <project-name>

    Once your cloud account is successfully connected to BigAnimal, you and other users with the correct permissions can create clusters.

Setting up specific cloud providers

For step-by-step instructions for setting up specific cloud providers, see: