Declare Your Cloud

Let Fugue automate the rest.

How Fugue Works

The Cloud Operating System

Fugue consists of a modular, statically typed language (Ludwig), a “kernel” for automating cloud infrastructure operations (the Fugue Conductor), and a Command Line Interface (the Fugue CLI) to initiate and control processes.

The Fugue Conductor runs on an instance inside your cloud account and within its own isolated network, which it creates. It has no open ports and outbound communications are solely with cloud provider APIs.

Diagram of how Fugue works

Declare Your Cloud

Fugue Compositions

Ludwig is language for declaring cloud infrastructure as code—and policy as code. It is human-readable, modular, versionable, validated in design time, and enforced in the runtime.

  • Get fast feedback and validation with Fugue’s dry run option. Use it to preview changes to your infrastructure and to be sure that infrastructure compositions will run as desired and will remain in compliance with policy.
  • Leverage rich libraries of infrastructure compositions and policies to gain efficient control and consistency across deployments.
  • Collaborate with code commenting, sharable libraries, auto-generated documentation, and infrastructure change plans.

# import AWS modules from Fugue Standard Library
# and custom libraries
import Fugue.AWS as AWS
import Fugue.AWS.Pattern.Network as Network
import Demo as Demo

# create VPC and underlying network objects
# (i.e. subnets, routes, gateways…)
demo-app-network: {
  name: "demo-app-network",
  region: Demo.demo-app-region,
  cidr: "",
  publicSubnets: [
    (AWS.A, ""),
    (AWS.B, ""),
  privateSubnets: [],
# import AWS modules from Fugue Standard Library
import Fugue.AWS as AWS
import Fugue.AWS.EC2 as EC2
import Fugue.AWS.ELB as ELB
import Fugue.AWS.IAM as IAM
import Fugue.AWS.DynamoDB as DynamoDB
import Fugue.AWS.AutoScaling as AutoScaling

# declare region
demo-app-region: AWS.Us-west-2

# create DynamoDB table
demo-app-table: with {
  name: "demo-app-table",
  attributes: {"PropertyName": DynamoDB.S},
  schema: {"PropertyName": DynamoDB.HASH},
  provisionedThroughput: {
    read: 10,
    write: 10,
  region: demo-app-region,

# create AutoScaling Group
  AutoScaling.AutoScalingGroup.default with {
    subnets: demo-app-network.publicSubnets,
    loadBalancers: [demo-app-elb],
    minSize: 4,
    maxSize: 4,
    launchConfiguration: demo-app-lc,
    tags: [demo-app-tag],
    terminationPolicies: [AutoScaling.ClosestToNextInstanceHour],
    enabledMetrics: [

# create ASG Launch Configuration
  AutoScaling.LaunchConfiguration.default with {
    image: "ami-3019d850",
    securityGroups: [demo-app-web-sg],
    instanceType: EC2.T2_micro,
    associatePublicIpAddress: True,
    iamInstanceProfile: demo-app-instance-profile

# create IAM role
demo-app-role: {
  roleName: 'demo-app-role',
  assumeRolePolicyDocument: IAM.Policy.AssumeRole.ec2,
  rolePolicies: [demo-app-role-policy]

demo-app-instance-profile: {
  instanceProfileName: 'demo-app-instance-profile',
  roles: [demo-app-role]

demo-app-role-policy: {
  policyName: 'ddb-policy',
  policyDocument: String.readFileUtf8(“policies/ddb.json")

# create Elastic Load Balancer
demo-app-elb: with {
  loadBalancerName: "demo-app-elb",
  subnets: demo-app-network.publicSubnets,
  healthCheck: ELB.HealthCheck({
    target: "TCP:3000",
    interval: 15,
    timeout: 3,
    unhealthyThreshold: 3,
    healthyThreshold: 3
  securityGroups: [demo-app-elb-sg],
  listeners: [demo-app-listener],
  tags: [demo-app-tag],

# create ELB Listener
demo-app-listener: with {
  protocol: ELB.HTTP,
  loadBalancerPort: 80,
  instancePort: 3000

# create ELB Security Group
demo-app-elb-sg: EC2.SecurityGroup({
  description: "Allow http/s traffic from the Internet",
  ipPermissions: [elbHTTPS, elbHTTP],
  ipPermissionsEgress: None,
  tags: [demo-app-tag],
  vpc: demo-app-network.vpc

elbHTTP: EC2.IpPermission({
  ipProtocol: "tcp",
  fromPort: 80,
  toPort: 80,
  prefixLists: None,
  target: internetCIDR

elbHTTPS: EC2.IpPermission({
  ipProtocol: "tcp",
  fromPort: 443,
  toPort: 443,
  prefixLists: None,
  target: internetCIDR

# create web instance Security Group
  description: "Allow http traffic from the ELB SG",
  ipPermissions: [webHTTP],
  ipPermissionsEgress: None,
  tags: [demo-app-tag],
  vpc: demo-app-network.vpc

webHTTP: EC2.IpPermission({
  ipProtocol: "tcp",
  fromPort: 3000,
  toPort: 3000,
  prefixLists: None,
  target: EC2.SecurityGroups([demo-app-elb-sg])

Automate Your Cloud

The Fugue Conductor

The Fugue Conductor runs inside your AWS account and automates the full lifecycle management of cloud infrastructure.

  • Continuously monitor and enforce your cloud infrastructure configurations and policies, ensuring you always know what’s running.
  • Eliminate time-consuming infrastructure maintenance burdens that keep your team from focusing on what matters—your applications.
  • Reduce the deployment failures that result from configuration drift and error-prone human intervention in running infrastructure.
Fugue CLI
$ fugue run Main.lw -a Demo

[ fugue run ] Running /Users/fugue/Main.lw...

Compiling Ludwig file /Users/fugue/Main.lw
[ OK ] Successfully compiled. No errors.

Uploading compiled Ludwig composition to S3...
[ OK ] Successfully uploaded.

Asking Fugue to launch and run composition infrastructure...
Fugue is running the composition FID:94a431f6-7a7d-4d5d-ae7a-7aa2921c5a96, Alias:Demo.

$ fugue status

Fugue Status Report - Tue Jul 26 2016 2:14pm

State    Updated    Created    FID                                   Alias    Last Message
-------  ---------  ---------  ------------------------------------  -------  --------------
Running  2:14pm     2:14pm     94a431f6-7a7d-4d5d-ae7a-7aa2921c5a96  Demo

Fugue 101

Documentation & Examples

Fugue's documentation was created to offer more than a simple product manual. Each section is organized to support quick answers to basic questions and encourage exploration into more complex topics.

We designed Fugue’s docs to provide real, usable information. From hands-on instruction, to the FAQ, to our video tutorials—the goal is to make sure the documentation becomes a go-to resource, not a last resort. Select any of the links to get started and see how Fugue can help transform your cloud operations.


Transform Your Cloud Ops

Fugue works with today’s applications, toolchains, and workflows and supports traditional and cloud-native architectures.

  • CI/CD Workflows

    Complete your CI/CD workflow by automating the lifecycle management of cloud infrastructure.

  • Immutable Infrastructure

    Automate instance replacement and enforce configurations of networks and firewall rules.

  • Container Infrastructure

    Simplify the creation and management of infrastructure services required for container ops.

  • Serverless Computing

    Adopt serverless services such as AWS Lambda and integrate them seamlessly into your cloud workloads.

  • Cloud Adoption

    Streamline cloud adoption and migration with simplified infrastructure-as-code deployments.

  • Today’s Workloads

    From legacy applications born in the datacenter to the latest cloud-native workloads, Fugue has you covered.

  • Compliance Enforcement

    Ensure compliance validation at design time and continuous enforcement in production.

  • Change Control

    Understand infrastructure changes before they’re applied and include plans in approval processes.

Now Available for Free on AWS