[Aeolun]

I’d be interested in knowing why it takes +/- 10 seconds after I create/update a role before I can actually use it.

[sylens]

IAM is eventually consistent. And they do a lot of derivations of hashing off an original signature and distributing individual, bespoke versions to services in different regions to limit the blast radius of a compromised credential.

If you go to an AWS event in the future, the name of the chalk talk was "The Life of an IAM Policy"

[blitzar]

If you have navigated far enough to create/update a role you are already aware of the bloat and mess that ties all their services together.