riboseinc / terraform-aws-iam-authenticating-group

Dynamically manage IAM group membership through an authenticated HTTPS endpoint

Issue with IAM replication delays #32

Open erikbor opened 6 years ago

erikbor commented 6 years ago

You need to take into account that there can be delays in IAM replication across availability zones and regions.

One example we experienced during testing: when authenticating against the aws-iam-authentication-group API endpoint in us-west-2 at 12:30 HKT, the user got added to the dynamic security group, but it was not until 12:36 HKT that it was actually usable in us-east-1, and 12:42 HKT in eu-west-1.

We created this issue as a reminder, and maybe it can be solved in the future.
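One way a client could cope with the delay reported above is to poll each region with capped exponential backoff before relying on the new membership. This is an added example, not part of the issue or the project's code; `wait_for_propagation`, `probe`, `FakeClock` and `simulate` are hypothetical names, and the per-region delays are constructed from the times quoted in the report.

```python
import time

def wait_for_propagation(regions, probe, timeout=900.0, base_delay=5.0,
                         max_delay=60.0, clock=time.monotonic, sleep=time.sleep):
    """Poll probe(region) until every region honours the new group membership.

    probe is caller-supplied (assumption): it should attempt an action the
    group permits in that region and return False while access is denied.
    Returns {region: seconds until usable, or None if the timeout expired}.
    """
    start = clock()
    seen = {region: None for region in regions}
    pending = list(seen)
    delay = base_delay
    while pending:
        for region in list(pending):
            if probe(region):
                seen[region] = clock() - start
                pending.remove(region)
        remaining = timeout - (clock() - start)
        if not pending or remaining <= 0:
            break
        sleep(min(delay, remaining))          # never sleep past the deadline
        delay = min(delay * 2, max_delay)     # capped exponential backoff
    return seen

class FakeClock:
    """Deterministic clock so the example runs offline and instantly."""
    def __init__(self):
        self.now = 0.0
    def __call__(self):
        return self.now
    def sleep(self, seconds):
        self.now += seconds

def simulate(timeout):
    # Constructed delays matching the report: usable at once in us-west-2,
    # after 6 minutes in us-east-1 and after 12 minutes in eu-west-1.
    delays = {"us-west-2": 0, "us-east-1": 360, "eu-west-1": 720}
    clk = FakeClock()
    return wait_for_propagation(delays, lambda r: clk.now >= delays[r],
                                timeout=timeout, clock=clk, sleep=clk.sleep)

if __name__ == "__main__":
    print(simulate(900))   # all three regions converge
    print(simulate(600))   # eu-west-1 is still unusable at the deadline
```

A region that comes back as `None` should be treated as not yet authorized, so the caller fails closed instead of assuming the membership is effective everywhere.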