Hi! I'm

Federico Calò

Software Developer | Technical Writer

I create modern web applications and custom digital tools to help businesses grow through technological innovation. My passion is combining computer science and economics to generate real value.

Contact Me

About Me

My passion for computer science was born at the Technical Commercial Institute of Maglie, where I discovered the power of programming and the fascination of creating digital solutions. From the start, I understood that computer science was not just code, but an extraordinary tool for turning ideas into reality.

During my studies in Business Information Systems, I began to interweave computer science and economics, understanding how technology can be the engine of growth for any business. This vision accompanied me to the University of Bari, where I obtained my degree in Computer Science, deepening my technical skills and passion for software development.

Today I put this experience at the service of businesses, professionals and startups, creating tailor-made digital solutions that automate processes, optimize resources and open new business opportunities. Because true innovation begins when technology meets the real needs of people.

My Skills

Data Analysis & Predictive Models

I transform data into strategic insights with in-depth analysis and predictive models for informed decisions

Process Automation

I create custom tools that automate repetitive operations and free up time for value-added activities

Custom Systems

I develop tailor-made software systems, from platform integrations to customized dashboards

const federico = {
  nome: "Federico Calò",
  ruolo: "Sviluppatore Software",
  città: "Bari, Italia",
  missione: "Aiutare attraverso l'informatica",
  passioni: [
    "Codice Pulito",
    "Innovazione",
    "Crescita Continua"
  ]
};

La Mia Missione

Credo fermamente che l'informatica sia lo strumento più potente per trasformare le idee in realtà e migliorare la vita delle persone.

Democratizzare la Tecnologia

La mia missione è rendere l'informatica accessibile a tutti: dalle piccole imprese locali alle startup innovative, fino ai professionisti che vogliono digitalizzare la propria attività. Ogni realtà merita di sfruttare le potenzialità del digitale.

Unire Informatica ed Economia

Non è solo questione di scrivere codice: è capire come la tecnologia possa generare valore reale. Intrecciando competenze informatiche e visione economica, aiuto le attività a crescere, ottimizzare processi e raggiungere nuovi traguardi di efficienza e redditività.

Creare Soluzioni su Misura

Ogni attività è unica, e così devono esserlo le soluzioni. Sviluppo strumenti personalizzati che rispondono alle esigenze specifiche di ciascun cliente, automatizzando processi ripetitivi e liberando tempo per ciò che conta davvero: far crescere il business.

Trasforma la Tua Attività con la Tecnologia

Che tu gestisca un negozio, uno studio professionale o un'azienda, posso aiutarti a sfruttare le potenzialità dell'informatica per lavorare meglio, più velocemente e in modo più intelligente.

Parliamone Insieme →

Join the Community

Join the developer community where we discuss software, AI, architecture and DevOps. Share ideas, ask questions and grow with us.

Channel

FC Dev Blog

Get notifications on new articles, complete series, weekly tips and featured tools. Bilingual IT/EN content directly in your Telegram.

New articles as they are published
Weekly tips and code snippets
Polls on future topics

Subscribe to Channel

Group

FC Dev Community

A bilingual IT/EN community for developers. Discussions, Q&A, mutual help and networking with other professionals.

Discussions on articles and technologies
Coding help and code review
Job opportunities and collaboration

Join the Group

Discussion Topics

View

Master SQL

RoadMap.sh

November 2024

View

Oracle Certified Foundations Associate

Oracle

October 2024

View

People Leadership Credential

Connect

September 2024

💻 Languages & Technologies

Java

Python

JavaScript

Angular

React

TypeScript

SQL

PHP

CSS/SCSS

Node.js

Docker

Git

💼

12/2024 - Present

Custom Software Engineering Analyst

Accenture

Bari, Puglia, Italy · Hybrid Analysis and development of computer systems through the use of Java and Quarkus in Health and Public Sector. Continuous training on modern technologies for creating customized and efficient software solutions and on agents.

💼

06/2022 - 12/2024

Software analyst and Back End Developer Associate Consultant

Links Management and Technology SpA

Experience analyzing as-is software systems and ETL flows using PowerCenter. Completed Spring Boot training for developing modern and scalable backend applications. Backend developer specialized in Spring Boot, with experience in database design, analysis, development and testing of assigned tasks.

💼

02/2021 - 10/2021

Software programmer

Adesso.it (prima era WebScience srl)

Experience in AS-IS and TO-BE analysis, SEO evolutions and website evolutions to improve user performance and engagement.

🎓

2018 - 2025

Degree in Computer Science

University of Bari Aldo Moro

Bachelor's degree in Computer Science, focusing on software engineering, algorithms, and modern development practices.

📚

2013 - 2018

Diploma - Corporate Information Systems

Technical Commercial Institute of Maglie

Technical diploma specializing in Business Information Systems, combining IT knowledge with business management.

Contattami

Hai un progetto in mente? Parliamone! Compila il form qui sotto e ti risponderò al più presto.

* Campi obbligatori. I tuoi dati saranno utilizzati solo per rispondere alla tua richiesta.

Infrastructure as Code: The Platform Foundation

Infrastructure as Code (IaC) is the principle that infrastructure is defined, versioned, and managed through declarative or imperative code, rather than manual configurations. In the context of Platform Engineering, IaC is not just a best practice: it is a fundamental requirement for building an IDP that is repeatable, scalable, and auditable.

In this article, we will compare the two dominant approaches - Terraform (declarative) and Pulumi (imperative with general-purpose languages) - and explore how to implement Policy as Code with OPA and Sentinel to ensure automated compliance and security.

What You'll Learn

IaC paradigms: declarative (Terraform/HCL) vs imperative (Pulumi/TypeScript)
State management: remote state, locking, disaster recovery
Reusable Terraform modules and composition
Pulumi: IaC with TypeScript, Python, and Go
Policy as Code: OPA/Rego for compliance and Sentinel for Terraform Cloud
Migration strategies toward IaC for existing infrastructure

Terraform: The Declarative Approach

HashiCorp's Terraform is the most widely used IaC tool in the world. It uses a declarative language called HCL (HashiCorp Configuration Language) to describe the desired infrastructure state. Terraform compares the desired state with the current state and computes an execution plan to reach the target configuration.

Terraform's strengths include:

Provider ecosystem: supports hundreds of cloud and SaaS providers (AWS, Azure, GCP, Kubernetes, GitHub, Datadog...)
Plan before apply: shows changes before executing them, reducing the risk of errors
State management: tracks real infrastructure state for managing incremental updates
Modules: reusable components that encapsulate complex configurations


# Terraform: reusable module for microservice infrastructure
# modules/microservice-infra/main.tf

variable "service_name" {
  type        = string
  description = "Microservice name"
}

variable "environment" {
  type        = string
  description = "Environment (dev, staging, production)"
}

variable "cpu_limit" {
  type    = string
  default = "500m"
}

variable "memory_limit" {
  type    = string
  default = "512Mi"
}

# Kubernetes namespace with standard labels
resource "kubernetes_namespace" "service" {
  metadata {
    name = "#123;var.service_name}-#123;var.environment}"
    labels = {
      "app.kubernetes.io/name"       = var.service_name
      "app.kubernetes.io/env"        = var.environment
      "platform.company.io/managed"  = "true"
    }
  }
}

# PostgreSQL database (RDS)
resource "aws_db_instance" "database" {
  identifier     = "#123;var.service_name}-#123;var.environment}"
  engine         = "postgres"
  engine_version = "15.4"
  instance_class = var.environment == "production" ? "db.r6g.large" : "db.t3.micro"

  allocated_storage     = 20
  max_allocated_storage = var.environment == "production" ? 100 : 50
  storage_encrypted     = true

  db_name  = replace(var.service_name, "-", "_")
  username = "app_user"
  password = random_password.db_password.result

  backup_retention_period = var.environment == "production" ? 30 : 7
  deletion_protection     = var.environment == "production"

  tags = {
    Service     = var.service_name
    Environment = var.environment
    ManagedBy   = "terraform"
  }
}

# Redis cache (ElastiCache)
resource "aws_elasticache_cluster" "cache" {
  cluster_id           = "#123;var.service_name}-#123;var.environment}"
  engine               = "redis"
  node_type            = var.environment == "production" ? "cache.r6g.large" : "cache.t3.micro"
  num_cache_nodes      = 1
  parameter_group_name = "default.redis7"
  port                 = 6379
}

output "namespace" {
  value = kubernetes_namespace.service.metadata[0].name
}

output "database_endpoint" {
  value = aws_db_instance.database.endpoint
}

output "cache_endpoint" {
  value = aws_elasticache_cluster.cache.cache_nodes[0].address
}

Pulumi: IaC with General-Purpose Languages

Pulumi takes a different approach: instead of a dedicated language (like HCL), it allows defining infrastructure using standard programming languages such as TypeScript, Python, Go, C#, and Java. This means having access to constructs like loops, conditionals, functions, classes, and the entire library ecosystem of the chosen language.

Pulumi's advantages include:

Familiar languages: no need to learn a new language; use the one your team already knows
Native testing: unit tests and integration tests for infrastructure with standard testing frameworks
Powerful abstractions: classes, interfaces, and composition for creating complex IaC components
IDE support: autocomplete, type checking, and refactoring with language tools


// Pulumi: reusable component in TypeScript
// microservice-infra.ts

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
import * as k8s from "@pulumi/kubernetes";

interface MicroserviceInfraArgs {
  serviceName: string;
  environment: string;
  cpuLimit?: string;
  memoryLimit?: string;
  enableDatabase?: boolean;
  enableCache?: boolean;
}

export class MicroserviceInfra extends pulumi.ComponentResource {
  public readonly namespace: k8s.core.v1.Namespace;
  public readonly databaseEndpoint?: pulumi.Output<string>;
  public readonly cacheEndpoint?: pulumi.Output<string>;

  constructor(
    name: string,
    args: MicroserviceInfraArgs,
    opts?: pulumi.ComponentResourceOptions
  ) {
    super("company:platform:MicroserviceInfra", name, {}, opts);

    const isProd = args.environment === "production";

    // Kubernetes namespace
    this.namespace = new k8s.core.v1.Namespace(
      `#123;args.serviceName}-ns`,
      {
        metadata: {
          name: `#123;args.serviceName}-#123;args.environment}`,
          labels: {
            "app.kubernetes.io/name": args.serviceName,
            "app.kubernetes.io/env": args.environment,
            "platform.company.io/managed": "true",
          },
        },
      },
      { parent: this }
    );

    // Conditional database
    if (args.enableDatabase !== false) {
      const db = new aws.rds.Instance(
        `#123;args.serviceName}-db`,
        {
          identifier: `#123;args.serviceName}-#123;args.environment}`,
          engine: "postgres",
          engineVersion: "15.4",
          instanceClass: isProd ? "db.r6g.large" : "db.t3.micro",
          allocatedStorage: 20,
          storageEncrypted: true,
          deletionProtection: isProd,
        },
        { parent: this }
      );
      this.databaseEndpoint = db.endpoint;
    }

    this.registerOutputs({
      namespaceName: this.namespace.metadata.name,
    });
  }
}

State Management

State management is one of the most critical aspects of IaC. The state file contains the mapping between resources defined in code and actual resources in the cloud. Poor state management can lead to drift, conflicts, and even resource loss.

Remote state: state must be stored in a remote backend (S3, GCS, Azure Blob, Terraform Cloud) to be shared among team members
State locking: locking mechanism (DynamoDB for AWS, GCS for GCP) to prevent concurrent modifications
State encryption: state contains sensitive information and must be encrypted at rest and in transit
Disaster recovery: regular state backups with versioning enabled on the bucket

Fundamental Rule

Never commit the state file to the Git repository. State contains sensitive information (passwords, connection strings, keys) and must be managed exclusively through a remote backend with appropriate encryption and access control.

Policy as Code with OPA and Sentinel

Policy as Code is the principle of defining organizational policies as versioned, testable, and automatically enforceable code. In the IaC context, policies verify that defined infrastructure meets security, compliance, and cost requirements before deployment.

OPA (Open Policy Agent): general-purpose policy engine with Rego language. Can validate Terraform plans, Kubernetes manifests, API requests
Sentinel: HashiCorp's policy framework integrated into Terraform Cloud/Enterprise. Uses a dedicated language optimized for infrastructure policies
Kyverno: Kubernetes-native policy engine that uses YAML to define policies (simpler than OPA for K8s-specific use cases)


# OPA/Rego: policy for validating Terraform plans
# policy/terraform/mandatory_tags.rego

package terraform.mandatory_tags

import rego.v1

# All resources must have mandatory tags
mandatory_tags := ["Environment", "Service", "ManagedBy", "Team"]

# Find resources missing mandatory tags
deny contains msg if {
  resource := input.planned_values.root_module.resources[_]
  tags := object.get(resource.values, "tags", {})
  required_tag := mandatory_tags[_]
  not tags[required_tag]
  msg := sprintf(
    "Resource '%s' is missing mandatory tag '%s'",
    [resource.address, required_tag]
  )
}

# Production databases must have encryption enabled
deny contains msg if {
  resource := input.planned_values.root_module.resources[_]
  resource.type == "aws_db_instance"
  resource.values.storage_encrypted != true
  msg := sprintf(
    "Database '%s' must have storage_encrypted = true",
    [resource.address]
  )
}

# No public resources without approval
deny contains msg if {
  resource := input.planned_values.root_module.resources[_]
  resource.type == "aws_s3_bucket"
  acl := object.get(resource.values, "acl", "private")
  acl == "public-read"
  msg := sprintf(
    "S3 bucket '%s' cannot be public without approval",
    [resource.address]
  )
}

GitOps and PR-Based Workflows

Integrating IaC with GitOps workflows is essential for a mature IDP. The most effective pattern is the PR-based workflow: every infrastructure change happens through a Pull Request that is automatically validated before merging.

Atlantis: tool that automates the Terraform workflow on Pull Requests (automatic plan, apply after approval)
Spacelift: SaaS platform for IaC management with policies, drift detection, and module registry
Env0: platform that adds governance, cost tracking, and TTL to IaC environments

The advantage of PR-based workflows is complete traceability: every infrastructure change is documented in a PR with reviews, comments, and approvals. This naturally satisfies audit and compliance requirements.

Migration Strategies

Migrating existing infrastructure (created manually or with ad-hoc scripts) to IaC is a process that requires planning and gradual implementation:

Phase 1 - Import: import existing resources into Terraform state without modifying them
Phase 2 - Codify: write IaC code describing imported resources, verifying the plan shows no changes
Phase 3 - Standardize: progressive refactoring toward shared modules and naming conventions
Phase 4 - Automate: CI/CD integration for automatic apply and policy enforcement

Migration Advice

Do not try to migrate all infrastructure at once. Start with simpler, lower-risk components (S3 buckets, DNS records, IAM policies), gain experience and confidence, then proceed with more critical resources (databases, Kubernetes clusters, networking).