How to assign IAM permissions to a Kubernetes cluster so that my flows can access other AWS services such as S3 or DynamoDB?

Use IAM roles for service accounts. This is the AWS-recommended way of setting credentials to interact with AWS services within Kubernetes workloads. This applies to flow run pods but also to Dask nodes deployed within the same cluster as those permissions can be applied on the cluster level.

The easiest way to set this up is using eksctl:

Slack discussion about the same topic