6 min read | Saved February 14, 2026
Do you care about this?
The article discusses how AWS IAM's eventual consistency can leave a 4-second window during which deleted access keys may still be valid. Attackers can exploit this delay to create new keys after the old ones are revoked, posing significant security risks. It outlines mitigation strategies, including using Service Control Policies.
If you do, here's more
AWS IAM's eventual consistency creates a 4-second window where deleted access keys can still function, posing significant security risks. When an access key is deleted, the change doesn't propagate instantly across AWS's distributed infrastructure. This means that an attacker who has gained access to an account can exploit this gap. For example, after a security team deletes a compromised key, the attacker can still use it for a brief period to create a new set of keys, maintaining their access.
The article highlights how this problem extends beyond access keys to other IAM operations like policy changes and role assumptions. It explains that even if security measures like AWS IAM policies are applied to restrict access, attackers can still take advantage of the same 4-second window to counteract those restrictions. The recommended mitigation strategy involves using Service Control Policies (SCPs) to deny all actions from the compromised principal, effectively locking them out before the eventual consistency period ends.
CloudTrail logs these events correctly, showing that the actions performed during that window are recorded, but many detection solutions may not account for this timing issue. The risk isn't limited to access keys; similar vulnerabilities exist across various IAM resources, emphasizing a need for comprehensive security strategies that address these eventual consistency challenges. This research was communicated to AWS, which acknowledged the behavior as a byproduct of their system's design rather than a direct vulnerability.
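Because CloudTrail does record calls made inside that window, a responder can replay the trail and flag any call authenticated with a key after the record that deleted it. The following is an added example, not code from the article: it runs over constructed CloudTrail-style records (account, key ids and times are made up; the field names `eventTime`, `eventName`, `userIdentity.accessKeyId`, `requestParameters.accessKeyId` and `responseElements.accessKey.accessKeyId` follow the CloudTrail record format) and also surfaces the replacement key created during the window so it can be revoked too.

```python
from datetime import datetime

# Constructed CloudTrail-style records (values are made up): a compromised key is
# deleted at T, then that same key is used 2 seconds later to create a new one.
SAMPLE_EVENTS = [
    {"eventTime": "2026-02-14T10:00:00Z", "eventName": "DeleteAccessKey",
     "userIdentity": {"accessKeyId": "AKIAEXAMPLEADMIN0001"},
     "requestParameters": {"userName": "app-user",
                           "accessKeyId": "AKIAEXAMPLECOMPROMISED"}},
    {"eventTime": "2026-02-14T10:00:02Z", "eventName": "CreateAccessKey",
     "userIdentity": {"accessKeyId": "AKIAEXAMPLECOMPROMISED"},
     "requestParameters": {"userName": "app-user"},
     "responseElements": {"accessKey": {"accessKeyId": "AKIAEXAMPLEREPLACEMENT",
                                        "status": "Active"}}},
    {"eventTime": "2026-02-14T10:00:03Z", "eventName": "ListBuckets",
     "userIdentity": {"accessKeyId": "AKIAEXAMPLEADMIN0001"}},
]


def parse_time(ts):
    """CloudTrail eventTime is UTC in ISO 8601 with a trailing Z."""
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")


def find_post_deletion_use(events):
    """Replay events in time order and report every API call authenticated
    with an access key *after* the DeleteAccessKey record that removed it.
    For CreateAccessKey calls the new key id is included so it can be revoked.
    """
    deleted_at = {}  # access key id -> time its DeleteAccessKey was logged
    findings = []
    for ev in sorted(events, key=lambda e: parse_time(e["eventTime"])):
        t = parse_time(ev["eventTime"])
        caller_key = ev.get("userIdentity", {}).get("accessKeyId")
        # Check the caller first so a key deleting itself is not flagged.
        if caller_key in deleted_at:
            finding = {"deleted_key": caller_key, "event": ev["eventName"],
                       "seconds_after_delete": (t - deleted_at[caller_key]).total_seconds()}
            if ev["eventName"] == "CreateAccessKey":
                created = ev.get("responseElements", {}).get("accessKey", {})
                finding["replacement_key"] = created.get("accessKeyId")
            findings.append(finding)
        if ev["eventName"] == "DeleteAccessKey":
            target = (ev.get("requestParameters") or {}).get("accessKeyId")
            if target:
                deleted_at[target] = t
    return findings
```

Sorting by `eventTime` matters because CloudTrail delivers events in batches and not strictly in order; on a real trail the same function runs over the parsed `Records` array of each delivered log file.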