diff --git a/cmd/iam-object-store.go b/cmd/iam-object-store.go
index e45449f35..a98b32ead 100644
--- a/cmd/iam-object-store.go
+++ b/cmd/iam-object-store.go
@@ -802,7 +802,11 @@ func (iamOS *IAMObjectStore) loadAllFromObjStore(ctx context.Context, cache *iam
 // Store the newly populated map in the iam cache. This takes care of
 // removing stale entries from the existing map.
 cache.iamSTSAccountsMap = stsAccountsFromStore
- cache.iamSTSPolicyMap = stsAccPoliciesFromStore
+
+ stsAccPoliciesFromStore.Range(func(k string, v MappedPolicy) bool {
+ cache.iamSTSPolicyMap.Store(k, v)
+ return true
+ })
 return nil
 }
diff --git a/cmd/iam-store.go b/cmd/iam-store.go
index 2c0e24b89..273a1d4d5 100644
--- a/cmd/iam-store.go
+++ b/cmd/iam-store.go
@@ -2865,6 +2865,10 @@ func (store *IAMStoreSys) LoadUser(ctx context.Context, accessKey string) error
 cache.iamUsersMap[k] = v
 }
+ for k, v := range newCache.iamSTSAccountsMap {
+ cache.iamSTSAccountsMap[k] = v
+ }
+
 newCache.iamSTSPolicyMap.Range(func(k string, v MappedPolicy) bool {
 cache.iamSTSPolicyMap.Store(k, v)
 return true
diff --git a/cmd/iam.go b/cmd/iam.go
index d7ac42775..65e361e8f 100644
--- a/cmd/iam.go
+++ b/cmd/iam.go
@@ -179,7 +179,7 @@ func (sys *IAMSys) initStore(objAPI ObjectLayer, etcdClient *etcd.Client) {
 if etcdClient == nil {
 var group *singleflight.Group
- if env.Get("_MINIO_IAM_SINGLE_FLIGHT", config.EnableOff) == config.EnableOn {
+ if env.Get("_MINIO_IAM_SINGLE_FLIGHT", config.EnableOn) == config.EnableOn {
 group = &singleflight.Group{}
 }
 sys.store = &IAMStoreSys{
diff --git a/docs/sts/assume-role.go b/docs/sts/assume-role.go
index 7d3f4bde2..7c8735ffe 100644
--- a/docs/sts/assume-role.go
+++ b/docs/sts/assume-role.go
@@ -30,6 +30,7 @@ import (
 "os"
 "time"
+ "github.com/minio/madmin-go/v3"
 "github.com/minio/minio-go/v7"
 cr "github.com/minio/minio-go/v7/pkg/credentials"
 )
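Review bot: In cmd/iam-object-store.go, the new Range/Store loop only adds or overwrites keys in `cache.iamSTSPolicyMap`, so a mapping that is no longer present in `stsAccPoliciesFromStore` stays in the cache, whereas the removed assignment replaced the map wholesale. The context comment directly above still says this step "takes care of removing stale entries", which now holds only for `iamSTSAccountsMap`. Unless stale STS policy mappings are purged somewhere outside this hunk, a deleted mapping could keep being applied after a reload. Either delete the keys absent from the store before merging, or reword the comment, e.g. `// STS policy mappings are merged, not replaced; stale keys are removed by <purge routine>`. loadAllFromObjStore begins outside the hunk, so whether `cache` is a fresh or the live cache cannot be confirmed from here.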
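Review bot: In cmd/iam.go, the changed `env.Get` line flips the fallback to `config.EnableOn` without recording it at the call site, so every deployment that leaves `_MINIO_IAM_SINGLE_FLIGHT` unset now gets a `singleflight.Group`, and any value other than `config.EnableOn` is what turns it off. A short comment above the condition would make that visible to operators and reviewers, e.g. `// singleflight is enabled by default; set _MINIO_IAM_SINGLE_FLIGHT=off to disable it`. How the group is used is outside this hunk; if it shares one in-flight IAM load between callers, the comment should also say that an error from that load is returned to all of them.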
@@ -112,6 +113,11 @@ func main() {
 Secure: stsEndpointURL.Scheme == "https",
 }
+ mopts := &madmin.Options{
+ Creds: li,
+ Secure: stsEndpointURL.Scheme == "https",
+ }
+
 v, err := li.Get()
 if err != nil {
 log.Fatalf("Error retrieving STS credentials: %v", err)
@@ -125,6 +131,18 @@ func main() {
 return
 }
+ // API requests are secure (HTTPS) if secure=true and insecure (HTTP) otherwise.
+ // New returns an MinIO Admin client object.
+ madmClnt, err := madmin.NewWithOptions(stsEndpointURL.Host, mopts)
+ if err != nil {
+ log.Fatalln(err)
+ }
+
+ err = madmClnt.ServiceRestart(context.Background())
+ if err != nil {
+ log.Fatalln(err)
+ }
+
 // Use generated credentials to authenticate with MinIO server
 minioClient, err := minio.New(stsEndpointURL.Host, opts)
 if err != nil {
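Review bot: In the second docs/sts/assume-role.go hunk, the sample now calls `madmClnt.ServiceRestart(context.Background())` unconditionally, so anyone running the AssumeRole example with credentials that carry admin rights restarts the target server before the S3 calls run. This looks like test scaffolding rather than documentation; the `mopts` block from the previous hunk and the admin client should either be dropped from the sample or placed behind an explicit opt-in flag. The two added comment lines describe client construction, not the restart, and read as pasted from the madmin docs ("an MinIO"). If the call stays, a comment such as `// WARNING: restarts the MinIO server; requires admin privileges on the assumed role` belongs directly above it. main() starts and ends outside these hunks.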