Declare Your Cloud

Let Fugue Automate the Rest

Control Your Cloud

Control & Collaboration

Fugue reins in the complexity of cloud operations at scale to bring control and order to IT.

  • Facilitate secure collaboration with role-based access controls to regulate the creation and modification of cloud resources so teams can collaborate securely.
  • Centralize the management of multiple, dynamic cloud environments that span many AWS accounts and deliver resources to the right teams fast.
  • Get a concise, real-time view of your entire cloud footprint and eliminate the guesswork that leads to wasteful spending, security vulnerabilities, and time-consuming audits.
Control your cloud with the Fugue cloud management platform

How Fugue Works

An Infrastructure-Level OS for the Cloud

Fugue consists of a Conductor, which acts as a “kernel” for automating your cloud infrastructure operations and enforcement, a Command Line Interface to initiate and control processes, and Compositions for declaring and validating cloud infrastructure and policies.

Fugue operates each cloud environment as a managed process, providing an accurate, real-time view of your entire cloud footprint. Eliminate the guesswork and orphaned infrastructure that can lead to wasteful spending, security vulnerabilities, and time-consuming audits. Fugue is your operational source of truth and trust for the cloud.

Hello World, Part 1: Quick Setup

Automate Your Cloud

The Fugue Conductor

The Fugue Conductor runs inside your designated AWS account and automates the full lifecycle of cloud infrastructure environments.

  • Bring structure and clarity to cross-team, multi-environment cloud operations with Fugue’s managed process model.
  • Continuously monitor and enforce your cloud infrastructure, ensuring you always know what’s running and how everything is configured.
  • Eliminate time-consuming maintenance burdens and reduce the deployment failures that result from drift and manual intervention.
$ fugue status

Fugue Status Report for user/123456789012 - Thu Jun 22 8:28pm

State    Updated    Created    Account                   FID                                   Alias              Last Message
-------  ---------  ---------  ------------------------  ------------------------------------  -----------------  --------------
Running  9:38am     9:38am     analytics-1234567890124   13deb265-bbc6-4366-8255-a39d07e32de8  analytics-staging  SUCCESS
Running  1:46pm     1:29pm     analytics-1234567890124   948599be-8188-4476-b12b-c6117d023a83  analytics          SUCCESS
Running  12:42pm    12:42pm    production-1234567890125  10be0e2c-5e88-4a10-8722-d7db97932261  mobile-api-prod    SUCCESS
Running  12:42pm    12:42pm    production-1234567890125  563c68e7-418c-4214-9b73-051c81a3eea9  web-app-prod       SUCCESS

$ fugue account list

Fugue Managed Accounts for user/123456789012 - Thu Jun 22 8:28pm

Name             Account Id                Provider    Provider Id    Credential
---------------  ------------------------  ----------  -------------  -----------------------------------------------------------
analytics        analytics-1234567890124   aws         123456789013   arn:aws:iam::123456789013:role/fugueCross
fugue (default)  fugue-1234567890123       aws         123456789012   arn:aws:iam::123456789012:role/fugue-FugueIam-1F70MYTS9QNUN
production       production-1234567890125  aws         123456789014   arn:aws:iam::123456789014:role/fugueMulti
$ fugue run Dev-sam.lw -a production

[ fugue run ] Running Dev-sam.lw

Run Details:
    Account: default
    Alias: production

Compiling Ludwig file /Users/sage/projects/loadgen/Dev-sam.lw
[ OK ] Successfully compiled. No errors.

Uploading compiled Ludwig composition to S3...
[ OK ] Successfully uploaded.

Requesting the Conductor to create and run process based on composition ...
[ DONE ] Process created and running.

State    Updated    Created    Account              FID                                   Alias       Last Message
-------  ---------  ---------  -------------------  ------------------------------------  ----------  --------------
Running  9:52am     9:52am     fugue-1488322176229  acf49646-9701-4fa6-996d-adc43ded5fa4  production

[ HELP ] Run the 'fugue status' command to view details and status for all Fugue processes.
$ fugue history production

Jobs History Report for staging/123456789012 - Thu Jun 22 8:28pm
production (acf49646-9701-4fa6-996d-adc43ded5fa4)

Row Id      Started    Last Updated    Job Type    Jobs Ran    Job Status    Description
----------  ---------  --------------  ----------  ----------  ------------  -------------
1488563809  9:56am                     SYSTEM      0           IN PROGRESS
1488563658  9:54am     9:56am          SYSTEM      5           SUCCEEDED     JobSucceeded
1488563569  9:52am     9:54am          RUN         1           SUCCEEDED     JobSucceeded

Declare Your Cloud

Fugue Compositions

Use Fugue Compositions to declare your cloud infrastructure as code and policy as code. Getting started is as easy as using YAML, but Fugue delivers powerful features beyond what any configuration syntax or templating tool can provide.

  • Get fast feedback and validation and use Fugue’s dry run option to preview changes to your infrastructure and be sure that infrastructure compositions will run as desired and will remain in compliance with policy.
  • Leverage rich libraries of infrastructure compositions and policies to gain efficient control and consistency across deployments.
  • Collaborate with code commenting, sharable compositions and libraries, auto-generated documentation, and infrastructure change plans.

# import AWS modules from Fugue Standard Library
# and custom libraries
import Fugue.AWS as AWS
import Fugue.AWS.Pattern.Network as Network
import Demo as Demo

# create VPC and underlying network objects
# (i.e. subnets, routes, gateways…)
demo-app-network: {
  name: "demo-app-network",
  region: Demo.demo-app-region,
  cidr: "",
  publicSubnets: [
    (AWS.A, ""),
    (AWS.B, ""),
  privateSubnets: [],
# import AWS modules from Fugue Standard Library
import Fugue.AWS as AWS
import Fugue.AWS.EC2 as EC2
import Fugue.AWS.ELB as ELB
import Fugue.AWS.IAM as IAM
import Fugue.AWS.DynamoDB as DynamoDB
import Fugue.AWS.AutoScaling as AutoScaling

# declare region
demo-app-region: AWS.Us-west-2

# create DynamoDB table
demo-app-table: with {
  name: "demo-app-table",
  attributes: {"PropertyName": DynamoDB.S},
  schema: {"PropertyName": DynamoDB.HASH},
  provisionedThroughput: {
    read: 10,
    write: 10,
  region: demo-app-region,

# create AutoScaling Group
  AutoScaling.AutoScalingGroup.default with {
    subnets: demo-app-network.publicSubnets,
    loadBalancers: [demo-app-elb],
    minSize: 4,
    maxSize: 4,
    launchConfiguration: demo-app-lc,
    tags: [demo-app-tag],
    terminationPolicies: [AutoScaling.ClosestToNextInstanceHour],
    enabledMetrics: [

# create ASG Launch Configuration
  AutoScaling.LaunchConfiguration.default with {
    image: "ami-3019d850",
    securityGroups: [demo-app-web-sg],
    instanceType: EC2.T2_micro,
    associatePublicIpAddress: True,
    iamInstanceProfile: demo-app-instance-profile

# create IAM role
demo-app-role: {
  roleName: 'demo-app-role',
  assumeRolePolicyDocument: IAM.Policy.AssumeRole.ec2,
  rolePolicies: [demo-app-role-policy]

demo-app-instance-profile: {
  instanceProfileName: 'demo-app-instance-profile',
  roles: [demo-app-role]

demo-app-role-policy: {
  policyName: 'ddb-policy',
  policyDocument: String.readFileUtf8(“policies/ddb.json")

# create Elastic Load Balancer
demo-app-elb: with {
  loadBalancerName: "demo-app-elb",
  subnets: demo-app-network.publicSubnets,
  healthCheck: ELB.HealthCheck({
    target: "TCP:3000",
    interval: 15,
    timeout: 3,
    unhealthyThreshold: 3,
    healthyThreshold: 3
  securityGroups: [demo-app-elb-sg],
  listeners: [demo-app-listener],
  tags: [demo-app-tag],

# create ELB Listener
demo-app-listener: with {
  protocol: ELB.HTTP,
  loadBalancerPort: 80,
  instancePort: 3000

# create ELB Security Group
demo-app-elb-sg: EC2.SecurityGroup({
  description: "Allow http/s traffic from the Internet",
  ipPermissions: [elbHTTPS, elbHTTP],
  ipPermissionsEgress: None,
  tags: [demo-app-tag],
  vpc: demo-app-network.vpc

elbHTTP: EC2.IpPermission({
  ipProtocol: "tcp",
  fromPort: 80,
  toPort: 80,
  prefixLists: None,
  target: internetCIDR

elbHTTPS: EC2.IpPermission({
  ipProtocol: "tcp",
  fromPort: 443,
  toPort: 443,
  prefixLists: None,
  target: internetCIDR

# create web instance Security Group
  description: "Allow http traffic from the ELB SG",
  ipPermissions: [webHTTP],
  ipPermissionsEgress: None,
  tags: [demo-app-tag],
  vpc: demo-app-network.vpc

webHTTP: EC2.IpPermission({
  ipProtocol: "tcp",
  fromPort: 3000,
  toPort: 3000,
  prefixLists: None,
  target: EC2.SecurityGroups([demo-app-elb-sg])

import Fugue.System.Policy as .

# Add your default account ID below. You can find
# this ID by executing `fugue account list`.
default: Account(accountId: "fugue-1234567890123")
analytics: Account(accountId: "analytics-1234567890124")

alice: User {userId: "alice"}

aliceLimitedAccessDefault: accountRules {
          principals: [alice],
          accounts: [default],

hector: User {userId: "hector"}

hectorLimitedAccessDefault: accountRules {
          principals: [hector],
          accounts: [default],

sam: User {userId: "sam"}

samLimitedAccessDefault: accountRules {
          principals: [sam],
          accounts: [analytics],

Fugue 101

Documentation & Examples

Fugue's documentation was created to offer more than a simple product manual. Each section is organized to support quick answers to basic questions and encourage exploration into more complex topics.

We designed Fugue’s docs to provide real, usable information. From hands-on instruction, to the FAQ, to our video tutorials—the goal is to make sure the documentation becomes a go-to resource, not a last resort. Select any of the links to get started and see how Fugue can help transform your cloud operations.


Transform Your Cloud Ops

Fugue works with today’s applications, toolchains, and workflows and supports traditional and cloud-native architectures.

  • Secure Collaboration

    Regulate the creation and modification of cloud resources with role-based access controls and policy-as-code.

  • Centralizes Ops Control

    Manage multiple, dynamic cloud environments that span numerous AWS accounts.

  • Cloud Service Delivery

    Provide fast access to reliable cloud environments for internal teams or external customers.

  • Change Control

    Understand infrastructure changes before they’re applied and include plans in approval processes.

  • CI/CD Workflows

    Complete your CI/CD workflow by automating the lifecycle management of cloud infrastructure.

  • Immutable Infrastructure

    Automate instance replacement and enforce configurations of networks and firewall rules.

  • Container Infrastructure

    Simplify the creation and management of infrastructure services required for container ops.

  • Serverless Computing

    Adopt serverless services such as AWS Lambda and integrate them seamlessly into your cloud workloads.

Take Control of Your Cloud Today

You and your team can be productive with Fugue on AWS in less than an hour, without the need for professional services.