Cloud Infrastructure Baselines

A Contract Between Security and DevOps

What is a Cloud Infrastructure Baseline?

A baseline is a snapshot of a “known good” configuration of cloud infrastructure. It is a complete picture of a cloud environment and defines every resource with all of its attributes. This is more detailed than typical infrastructure as code, which may only define a resource and a small set of attributes but leaves out the default attributes.


A baseline contains every detail, so, for example, a VPC will specify all of the ACLs, subnets, and route tables.

Why Organizations Need Baselines

An infrastructure baseline enables stakeholders to examine all resources and decide together how the infrastructure meets internal and regulatory compliance standards.

The concept of a baseline makes possible:

  • A contract to align Security and DevOps teams on cloud compliance
  • An accurate and up-to-date of what is running in your cloud environment
  • The context to perform safe codeless auto-remediation via self-healing


Without the concept of a baseline, teams are incentivized to work at odds with each other.

How to Get Started with Baselines

  • Understand what is running and how it complies with security or compliance policies. This can take as little as 10 minutes.
  • Start by enforcing one or a few security requirements early in the development lifecycle and gradually add more as application functionality evolves.
  • DevOps can use automated tools to scan for policy violations as part of baselining.


Organizations can get started with baselining in as little as 10 minutes.

Secure Your Cloud

Schedule a demo to learn Fugue can help you get started with baselines