Sand Castles and Quicksand

Something I've learned a lot more about in these past couple of months is granularity within development/engineering. In a recent case, this one takes the context of wanting to create a specific IAM group in AWS so that a user has exactly what she needs for a particular task — the principle of least privilege, really. She would be the only user in that group until others would be added. But what if nobody else would be added to that granular group?

The seemingly innocuous question stuck with me. What if that was the case and we kept creating IAM groups for each user who needed granular roles for every granular task? Chaos. Okay, a bit hyperbolic, but we'd be left with a hell of a time trying to manage the IAM groups that we're constantly creating. Instead, after taking my team's advice, I decided to put this user in a group we already had that still gave her the ability to complete her task, even if it meant allowing additional privileges that, mind you, actually had no bearing on our principle of least privilege.

Granularity is important, but there's a difference between granularity like sand castles and granularity like quicksand. You want granularity to be elegant like a sand castle. You don't want it to weigh you down like quicksand. I'm slowly learning that knowing the difference is a crucial skill that takes time to intuitively understand. For now I'll cautiously wade through the quicksand in order to reach creating those sand castles.