Fugue is the name of the company responsible for creating two tools, Fugue Platform and Risk Manager. Fugue Platform (or just ‘Fugue’ for the purposes of the docs) is a cloud-native system that governs the provisioning, operation, and management of cloud infrastructure and services at the API layer. Fugue Platform completes the DevOps workflow via enforced and versionable infrastructure as code. It ensures cloud resources are always provisioned according to internal and external policies and standards, enabling governance by automating cloud lifecycle management with continuous enforcement of declared configurations.

Being a new kind of thing, Fugue necessarily introduces some new terms. We present them here for quick reference, and recommend reading this before other chapters of the user guide.


The term account can refer to the following definitions, depending on context:

  • A cloud provider account, such as with AWS
  • An entry in the Conductor’s account table, which points to the provider account
  • A subject in RBAC policy, which points to the entry in the account table
Relationship between different definitions of "account"
account table
The table of cloud provider accounts registered with the Conductor as part of Fugue’s multi-account feature. See diagram in account.
The Fugue command-line interface. The CLI is how the user interacts with Fugue.
A visualization tool that allows users to edit compositions and view infrastructure in real-time. (Samples)
A program that Fugue can run. A composition defines infrastructure configuration. Running a composition results in a process. This can be done more than once. (Examples)
An option for run, update, resume, and kill that tests the command through progressive parts of the system, returning either failures encountered, or the expected results of success. Output is formatted as a JSON document. (Example)
(Also referred to as Fugue Platform) The software that is the subject of this manual. Fugue is a cloud orchestration engine for your global computer.
The core of the Fugue Platform orchestration engine, the Conductor is resident in your infrastructure account, running processes and accepting commands.
Fugue Client Tools
The package of components that client computers must use to define compositions and manage processes in the Conductor. It consists of the Fugue CLI (command-line interface) and key Ludwig binaries known as the Fugue Standard Library. (Set up Fugue)
A period of internal compute activity during which process data is reviewed and acted upon as necessary. Each job can potentially represent some change in the managed infrastructure, although most jobs are simply inspection and require no action. (Example)
The domain-specific language in which compositions are defined. Ludwig is easy to learn, yet brings features like type safety and informative error messages to the tricky domain of infrastructure configuration. (Examples)
A workload on the Conductor. The work to be done in a process is defined in a composition.
Role-based access control. Fugue’s RBAC system allows customers to create users who interact with Fugue, author policy governing access to Fugue, and manage the administration and implementation of users and policy. (Example)
An access token that authenticates an RBAC user to the Conductor. Its value is set in the secret field in credentials. (Example)
A command-line tool that scans your AWS account and generates a Ludwig composition of your existing infrastructure.
An RBAC principal who is using Fugue, often (but not necessarily) representing a human user. Example user: root (Example)
A distributed variable service bundled with the Fugue Client Tools. Vars functions as a service registry, service discovery tool, configuration synchronization service, and lock service. It can be used in conjunction with Fugue or independently of Fugue. (Examples)