Frequently Asked Questions

What is Fugue?

Fugue Basics

What’s Fugue?

Fugue is an infrastructure-level cloud operating system. It builds, operates, and terminates cloud infrastructure and services and automates the continuous enforcement of declared infrastructure configurations. Fugue completes the DevOps workflow by automating cloud lifecycle management via enforced and versionable infrastructure as code. Fugue is software that you run in your cloud account to build and operate your cloud infrastructure, providing a single source of truth and trust for the cloud.

What’s Ludwig?

Ludwig is a simple language designed specifically for coding cloud infrastructure. Fugue uses Ludwig compositions to automatically build, update, and continuously maintain declared infrastructure. Ludwig features a type system for fast feedback, code and compliance validation, and meaningful errors. It also supports commenting for collaboration and documentation generation. Shareable modules allow you to break up and collapse complexity into simple abstractions to provide consistency across DevOps teams.

What does “Cloud Operating System” mean?

Many view clouds like Amazon Web Services and Microsoft Azure as remote data centers and manage cloud-based workloads much like they manage workloads in on-premise data centers. But these clouds are, in fact, planet-scale distributed computers. Fugue is a new kind of operating system designed for this new kind of computer. We can fully realize the agility, control, security, and efficiency that the cloud promises when we shift from managing “data centers in the cloud” to fully automating the use of clouds as computers.

Is cloud computing experience a prerequisite to using Fugue?

Technically no, you do not need cloud computing experience to use Fugue; however, it may be helpful. Specifically, you should understand your application’s architecture and how your application works. In addition, you should know which cloud infrastructure services your application may need, such as computing or storage. You declare your cloud infrastructure using simple syntax, and Fugue assumes the complexity of building, operating, and maintaining it.

Why Do I Need Fugue?

Why do I need Fugue?

Fugue removes the complexity and undifferentiated burden of configuring and maintaining cloud infrastructure, allowing you and your team to focus on creating value with your applications. If you want to stop wasting time managing configuration details, maintaining infrastructure, ensuring compliance, and chasing bugs in production, consider using Fugue to run your cloud workloads.

Who can benefit from using Fugue?

Because Fugue is an infrastructure-level operating system for the cloud, anyone deploying workloads in the cloud can benefit from it. Large enterprises face complex challenges managing workloads at scale in the cloud, and they can benefit from the operational efficiency, compliance and policy enforcement, and business agility that Fugue provides. Those running smaller workloads in the cloud can benefit from the “set it and forget it” benefits of Fugue, allowing scarce resources to be devoted to value-creating applications rather than costly infrastructure maintenance.

What are some high-level use cases for Fugue?

Fugue fully automates the creation, operations, and maintenance of cloud infrastructure for a wide variety of workloads and centralizes control and collaboration for cloud operations at scale. Some of the operational use cases for Fugue include:

  • Regulating the creation, modification, and access to cloud resources with role-based access controls
  • Providing fast access to reliable cloud infrastructure environments for internal teams or external customers
  • Managing multiple, dynamic cloud environments that span AWS accounts
  • Completing your CI/CD workflow by automating the lifecycle management of cloud infrastructure
  • Simplifying the creation and management of container clusters, networks, and related infrastructure services
  • Ensuring policy validation at design time and continuous enforcement of infrastructure configurations in production
  • Showing the impact of infrastructure changes before they’re applied so you can include plans in approval processes

Take a look at our Product Page to see details about Fugue’s capabilities or Fugue by Example to walk through a specific scenario.

How does Fugue save me money in the long run?

Fugue greatly reduces the need for deep cloud expertise in adopting and scaling cloud use. Fugue radically reduces costly infrastructure operations and maintenance burdens, allowing you and your team to focus on creating value with your applications, not managing infrastructure configuration details and debugging in production.

Fugue and Ludwig Internals

How Does Fugue Work?

How does Fugue work?

Fugue runs on a virtual machine (EC2 instance) inside your Amazon Web Services account and uses cloud APIs to build, update, and enforce your infrastructure.

There are two main components to Fugue: the CLI, which is installed locally, and the Fugue Conductor, which is installed in your AWS account. Take a look at the System Architecture page to read more about Fugue’s components and how they operate.

Is Fugue a SaaS / PaaS?

Fugue is a software product, not Software as a Service (SaaS) or Platform as a Service (PaaS). You run the Fugue software inside your own cloud account. Fugue does not “call home” to Fugue, Inc. or any third party; we’ve taken this approach to meet the requirements of our more complex and security-conscious customers.

We put a lot of effort into making Fugue easy to adopt and run. With Fugue, you get the simplicity of a PaaS without the limitations that can affect your application architecture and often prohibit you from customizing your infrastructure.

How does Fugue enforce infrastructure?

Fugue continuously inspects your running cloud infrastructure and compares it to the declarations in your composition. Whenever Fugue identifies a difference between what you’ve declared and what’s running, it returns your infrastructure to the way it should be. To see when such events have occurred, check the Fugue broker logs, as shown in the Fugue User Guide’s Logging chapter.

How does Fugue do all of this “continuously and automatically”?

Your Ludwig composition represents the desired state of your cloud infrastructure. Fugue runs in your AWS account and continuously monitors your infrastructure to compare its current state against the desired state declared in the composition. If there are differences, Fugue automatically corrects them to match the desired state and notify you of the changes.

Does Fugue “call home”?

No, Fugue does not “call home.” The Fugue CLI is installed on a client machine you control, such as your laptop or an EC2 instance within your AWS account, and the Fugue Conductor runs on another EC2 instance within your AWS account. There are no open ports on protocols on the Fugue Conductor. The Fugue Conductor and Fugue CLI communicate with each other using the AWS API, but neither component sends information back to Fugue, Inc. or anyone else.

How does Fugue handle security?

Fugue is designed from the ground up to be a secure system. The Fugue security model values risk avoidance over risk reduction, and best practices for defense-in-depth are followed. The exact security posture of a running Fugue instance depends on some choices you can make as a user, but we recommend the following best practices:

  • Do not enable any inbound TCP connections to the Fugue Conductor. Not even SSH. All communication required with it can be done via asynchronous messages, object storage, or similar. These resources are all protected by privileged AWS API calls, and the Fugue CLI handles all of this communication for you. Troubleshooting or other exceptional circumstances may require exceptions to this rule, but they should be just that – exceptions.
  • Run Fugue in a dedicated AWS account, apart from those used for your actual application infrastructure. This way, application accounts can vend a privileged role to the Fugue account, but the application accounts cannot control the privileged Fugue account. Using the Consolidated Billing feature, you can easily separate concerns among accounts but have one bill to pay.

How do Compositions work?

How does Ludwig work?

The short answer is that Ludwig is Fugue’s programming language. It uses a very simple syntax in files called compositions to automatically build, update, and maintain your declared infrastructure.

Take a look at the Ludwig Programming Guide for a more in-depth exploration of Ludwig, how it works, and to view some examples of Ludwig compositions.

What is “infrastructure as code”?

Infrastructure used to be just infrastructure. It meant servers sitting in a rack, with cables and routers between them and some cables going to the outside world. Making tweaks to the infrastructure actually required physical changes. This is undesirable for obvious reasons, which is why we turned to software-defined infrastructure: that way, it is possible for software to make changes to the infrastructure, instead of having to make hardware changes. The core idea is that the infrastructure is defined by code, in our case this means Ludwig. This approach allows at-a-glance visibility into what the infrastructure is like along with version control, compliance and policy enforcement, auditing, automation, and abstraction.

Why did you write your own language?

We wrote Ludwig to provide a customized solution for cloud automation. At Fugue, we gave developing Ludwig a lot of consideration. We knew that new languages impose a burden, though we strive to make Ludwig easy to learn. We decided to develop Ludwig after we reasoned that Fugue is a new kind of software, with a new approach to thinking about and solving cloud automation problems.

To read more about our thinking on this check out Why Ludwig? in the Ludwig Programming Guide.

Why should I care that Ludwig is “statically typed”?

Ludwig is statically typed, as every value is known at compile time (i.e., before the program runs). This allows Ludwig’s compiler to check the static types prior to running a composition (Ludwig file) in AWS, preventing a large class of potential errors.

While no type system can prevent all errors, in Ludwig every value has a type and each of these is checked. Additionally, Ludwig has type inference, which means that the compiler can infer the type of a value from how it’s used. That way, the number of type annotations the programmer has to write is kept to a bare minimum.

Do I need to be a programmer to write Ludwig?

In the most common Ludwig use cases, examples are provided. Users can edit the values in the text (Ludwig) file to meet their specific configuration needs. That being said, if you want to extend our libraries or build files with more complex patterns, some programming experience (in any language) can be very useful.

How does Ludwig compare to common programming languages?

In general, Ludwig is a bit different when compared to common programming languages such as Python, Java, and C/C++. Since value immutability is an important property of the language, it is closer to languages such as Erlang or Haskell.

In addition, Ludwig is a functional language and does not have the concept of an object or class. There is only data, and functions that consume and produce said data. This means that the language is relatively simple, but powerful. That said, you do not need to have a working understanding of functional programming to use Ludwig.

Can I create my own Ludwig libraries?

Yes, this option is available for advanced users. Contact for additional details.

Where can I find other Ludwig libraries?

Existing Ludwig libraries are included in the Fugue installer and listed in the documentation under the Fugue Standard Library. At present, Fugue does not include a system to share any 3rd-party libraries.

Using Fugue

Setting Up Fugue

What do I need before I can get started with Fugue?

To get started with Fugue you will need:

  • Access to the Fugue Conductor AMI. If you would like to give Fugue a try, email us at We will enable self-service access to Fugue in the near future.
  • an AWS account
  • one of our supported operating systems:
    • OS X El Capitan (10.11.*), OS X Sierra (10.12.*)
    • Ubuntu (14.04 LTS, 16.04 LTS)
    • Amazon Linux (2016.03.3)
    • RHEL 6 & 7.2 (Yum/RPM)
    • Microsoft Windows - BETA (Windows 7, 10)

Check out the Let’s Go! for the full details.

How long does it take to set up Fugue? (or “How long does it take to get started with Fugue?”)

There are two components of Fugue to install. The CLI, which is installed on a client machine such as your laptop, or an EC2 instance you’re using as an SSH bastion host.

The second component is the Fugue Conductor, which is comprised of an EC2 instance and several other resources and is installed resident in your AWS account.

With the rights tools at the ready you can easily setup Fugue during a typical lunch break.

How do I set up Fugue?

We’ve got you covered. Check out Hello World, Part 1: Fugue Quick Setup to see the process.

How can I migrate my application to Fugue?

Contact our support team ( if you want to migrate your application to Fugue!

How long does Fugue take to boot up?

Typically it takes about 5 - 15 minutes for the Fugue Conductor to boot up.

Deploying Fugue

How does Fugue affect my uptime?

Fugue manages the resources that comprise your application via AWS APIs. It does not directly interact with your resources or your application and in this sense does not impact your uptime.

Additionally, Fugue continuously performs configuration enforcement to ensure that you are always running resources as they are exactly defined in your composition.

How does Fugue manage state?

Fugue keeps its state in S3 and DynamoDB. Check out the Processes chapter of our Fugue User Guide to see additional details about process, state, and transitions.

Can I run multiple Conductors at once?

At present, Fugue does not support running more than one Conductor at a time.

Can I run multiple Compositions at once?

Yes! A composition defines infrastructure configuration. Running a composition results in a process and this can be done more than once.

Check out Fugue by Example to review some sample compositions and the Ludwig Guide to review details about the language used to create compositions.

Integrating Fugue with Other Tools

Is Fugue compatible with configuration management systems?

Fugue is a configuration management system, in the sense that “infrastructure as code” can reflect a configuration management database(CMDB) by way of a version control system, like Git. Other configuration managements systems can use the information from Fugue compositions to inform their CMDB.

Does Fugue support Java applications?

Definitely. Fugue manages infrastructure through APIs, so the implementation language of programs isn’t really a concern. Whatever programming language you’re using – Java included – Fugue can help you deploy and manage it.

Is Fugue compatible with cloud monitoring solutions?

Yes. You can use any kind of monitoring service with infrastructure managed by Fugue. It is also possible to integrate the Fugue Conductor with monitoring services, but there is no support built-in for specific services.

Is Fugue compatible with log management tools?

Yes. As with monitoring, you can use any kind of log management system with infrastructure managed by Fugue. Fugue’s own logs are sent to CloudWatch Logs on AWS, where you can inspect what the system is doing.

Is Fugue compatible with server antivirus and/or firewalls?

Yes, this scenario is similar to custom monitoring. Infrastructure that Fugue manages can be arbitrarily integrated with whatever anti-virus or firewall solutions that meet your needs. The Fugue Conductor can also be especially equipped with antivirus software, though none are officially supported. Firewall protection is generally not a problem so long as the Conductor can reach AWS API endpoints – it requires no network ingress or egress.

Is Fugue compatible with cloud computing PaaS solutions?

It depends. At present, only AWS services are supported. Some AWS services, like Elastic Beanstalk, are PaaS offerings within AWS. These services are compatible with Fugue. For now, PaaS offerings outside of AWS are not supported.

Are you going to natively support EC2-Classic?

We don’t have specific plans to do so. Accounts that have the “EC2” platform (along with “VPC,” as opposed to just “VPC”) are supported, but since AWS is moving toward deprecation of the “EC2” platform, instances must be launched on the “VPC” platform with Fugue.

Is Fugue compatible with continuous integration tools?

Yes. You can easily use the Fugue CLI to integrate Fugue commands into continuous integration (CI) jobs, such as with Travis or Jenkins. At present, there are no special features or integration points for particular CI systems, but the simple command-line interface with Fugue is easily integrated with lots of tools.

Fugue & AWS

What cloud platform can I use with Fugue?

The Fugue Client Tools, which run on a local computer, support OSX, Linux, and Windows platforms. For specifics, see the Fugue Quick Setup.

For infrastructure management, at present Fugue only provides support for Amazon Web Services (AWS).

Will Fugue be available for other cloud platforms, like Google Cloud Platform or Microsoft Azure?

We have plans to expand service to include additional cloud platforms and other APIs as well. Watch this space for announcements or reach out directly to our team at if you have a suggestion for a platform you’d like to see us support.

How will using Fugue affect my AWS bill?

Fugue’s declarative configuration and process-oriented view of cloud resources tends to cut down on untracked, orphaned infrastructure, so a disciplined use of Fugue should lower the AWS bill of most customers operating at scale. Additionally, lowered management friction and risk mitigation reduce total cost of ownership.

Fugue both uses a small amount of AWS infrastructure for itself, and manages any AWS infrastructure that your compositions define. In both cases, this is infrastructure that runs in your AWS account(s). The infrastructure that Fugue uses is dependent on the amount of work you do with it, and the baseline costs will vary based on both the resources that are used and the type of work performed.

How does Fugue work with Virtual Private Clouds (VPCs)?

Fugue allows you to create and manage infrastructure like VPCs. Using Ludwig you can author and run a composition that defines, creates, and maintains your VPC infrastructure.

If you want to see this in action, try our Building a Network walkthrough.

How is Fugue “installed”?

The Fugue Client Tools are installed on a OSX, Linux, or Windows computer.

Fugue’s Conductor is installed into an Amazon Web Services account. The installation occupies one account, and one region within the account, although it can communicate with any region’s APIs once it is installed. This way, you can install Fugue’s control plane in a single region, but manage your application infrastructure in many.

Details on the installation of Fugue can be found in the User Guide.

What IAM permissions are necessary to run Fugue?

To install Fugue, very broad permissions are required to create infrastructure in VPC, EC2, SQS, S3, and DynamoDB. To operate Fugue and send commands to it, required permissions are far more limited and include read & write permissions to SQS and S3, as well as some permissions to read tags in EC2.

Fugue generates these IAM policies for you upon install, and you can learn more here.

What AWS service coverage does Fugue have?

You can see which AWS services can be defined in compositions by browsing the Fugue Standard Library.

What AWS regions does Fugue operate in?

The Fugue Conductor can currently operate in:

  • us-east-1
  • us-east-2
  • us-west-2
  • eu-west-1
  • us-gov-west-1

However Fugue can create and manage resources in a number of AWS regions such as, US East (N.Virginia), EU (London), and Asia Pacific (Toyko). The most up-to-date list of supported regions where Fugue can manage resources is available here.

Fugue & User Administration

How does Fugue handle user access?

Fugue uses RBAC or Role-based Access Control, which determines authentication and authorization, allowing you to create users and author policy governing access to Fugue. You can read more about it here.

Can I access Fugue without an RBAC Policy?

When you install Fugue, an initial (root) user and credential will be created. You can use this default user to access Fugue and attach your initial RBAC policy to create additional users. Or, you can continue to use Fugue in single-user mode (root).

What access does Fugue RBAC control?

RBAC declares policy that defines which Fugue CLI commands a user is able to execute; it does not control access to processes or specific resources. For additional details about permissions refer to the details about installing Fugue and AWS here.

How does RBAC handle users?

RBAC allows you to create policy files that include users and associated permissions. The Fugue CLI includes commands to generate user policy secrets (or passcodes), display a list of users, and change which user is active. For additional details, check out How to Use RBAC and the Fugue CLI Reference.

Does RBAC utilize AWS credentials?

The Fugue CLI communicates with the Fugue Conductor using AWS services (specifically SQS and S3). In order for a Fugue user to operate the CLI, they need the credentials for a minimally authorized AWS user or role in conjunction with their Fugue credentials.