Fugue is an infrastructure-level cloud operating system. It builds, operates, and terminates cloud infrastructure and services and automates the continuous enforcement of declared infrastructure configurations. Fugue completes the DevOps workflow by automating cloud lifecycle management via enforced and versionable infrastructure as code. Fugue is software that you run in your cloud account to build and operate your cloud infrastructure, providing a single source of truth and trust for the cloud.

Being a new kind of thing, Fugue necessarily introduces some new terms. We present them here for quick reference, and recommend reading this before other chapters of the user guide.


The term account can refer to the following definitions, depending on context:

  • A cloud provider account, such as with AWS
  • An entry in the Conductor’s account table, which points to the provider account
  • A subject in RBAC policy, which points to the entry in the account table
Relationship between different definitions of "account"
account table
The table of cloud provider accounts registered with the Conductor as part of Fugue’s multi-account feature. See diagram in account.
The Fugue command-line interface. The CLI is how the user interacts with Fugue.
A visualization tool that allows users to edit compositions and view infrastructure in real-time.
A program that Fugue can run. A composition defines infrastructure configuration. Running a composition results in a process. This can be done more than once.
The core of the Fugue operating system, the Conductor is resident in your infrastructure account, running processes and accepting commands.
An option for run, update, resume, and kill that tests the command through progressive parts of the system, returning either failures encountered, or the expected results of success. Output is formatted as a JSON document.
The software that is the subject of this manual. Fugue is an operating system for your global computer.
Fugue Client Tools
The package of components that client computers must use to define compositions and manage processes in the Conductor. It consists of the Fugue CLI (command-line interface) and key Ludwig binaries known as the Fugue Standard Library.
A period of internal compute activity during which process data is reviewed and acted upon as necessary. Each job can potentially represent some change in the managed infrastructure, although most jobs are simply inspection and require no action.
The domain-specific language in which compositions are defined. Ludwig is easy to learn, yet brings features like type safety and informative error messages to the tricky domain of infrastructure configuration.
A workload on the Conductor. The work to be done in a process is defined in a composition.
Role-based access control. Fugue’s RBAC system allows customers to create users who interact with Fugue, author policy governing access to Fugue, and manage the administration and implementation of users and policy.
An access token that authenticates an RBAC user to the Conductor. Its value is set in the secret field in credentials.
A command-line tool that scans your AWS account and generates a Ludwig composition of your existing infrastructure.
An RBAC principal who is using Fugue, often (but not necessarily) representing a human user. Example: root
A distributed variable service bundled with the Fugue Client Tools. Vars functions as a service registry, service discovery tool, configuration synchronization service, and lock service. It can be used in conjunction with Fugue or independently of Fugue.