Frequently Asked Questions
How does Fugue access customer cloud accounts?
To scan AWS accounts, Fugue uses a tightly-scoped read-only IAM role to execute calls against AWS APIs. Fugue can auto-generate this IAM role for users. For Azure subscriptions, Fugue utilizes a Reader role. Optional auto-remediation with Fugue requires additional write privileges for the AWS IAM role, and a Contributor role for Azure.
Where can I find more information on Fugue features?
How does Fugue define a cloud resource?
A cloud resource is any configuration item that is tracked, analyzed, and enforced from a policy or drift perspective. Examples include AWS EC2 instances, AWS ELB listeners, and Azure virtual machines. A full list of resource types is here.
How does Fugue assess cloud resources for billing purposes (Fugue Enterprise)?
Fugue assesses cloud resources for billing purposes for Fugue Enterprise by calculating a resource under management (RUM) metric that is the median of trailing 90-day cloud resource counts, sampled daily.
How does Fugue define an environment?
A Fugue environment is a user-defined collection of cloud resources within a given AWS account or Azure subscription. An AWS environment can be scoped to a specific region or set of resource types, and an Azure environment can be scoped to a set of resource groups. An AWS account or Azure subscription may have one or more Fugue environments associated with it. For instance, you may want one environment that runs a daily compliance check for all of your cloud resources, and another that's focused on detecting drift and misconfiguration for a smaller number of security-critical resources.
How does Fugue define a scan?
A scan is a comprehensive survey of a Fugue environment to retrieve resource configuration state with CSP APIs, assess compliance, and identify potential misconfigurations.
What is the difference between a Scheduled Scan and an On-Demand Scan?
Scheduled Scans operate on a periodic, automated basis, and are configurable with Team or Enterprise plans. An On-Demand Scan is initiated by a user, and is often utilized as part of CI/CD pipelines or other automated workflows.
Is Fugue Developer only for individuals, or can organizations and companies be on the plan?
Individual engineers are welcome to use Fugue Developer for free to manage the security of cloud infrastructure for their employer or their own projects. Please note that a Fugue Developer account only supports one user. Fugue Team or Fugue Enterprise may be more appropriate for multiple users or organizations that need visibility and security for at scale cloud environments.
How does Fugue bill for Fugue Team and Fugue Enterprise?
Fugue is billed annually at the start of each subscription term.
Please reach out to firstname.lastname@example.org if you have additional questions.