Based on my experience with IAM, what you're looking to achieve isn't possible with existing functionality. Instead, I recommend creating and utilizing separate AWS accounts for production, staging, development, etc., and allowing only authorized individuals or teams access to those accounts. This is consistent with the AWS best practices recommendations we give to customers regularly, and ensures access to data and other resources is less likely to be accidentally granted to unauthorized parties.
I think I got what you are trying to achieve, but I'm not sure if the condition statement is in the right place here. In order to assign permissions to an Amazon EC2 instance, you need to assign an IAM role to this EC2 instance. Amazon EC2 uses an instance profile as a container for an IAM role.
See also the note for Instance Profiles: An instance profile can contain only one IAM role, although a role can be included in multiple instance profiles. This limit of one role per instance profile cannot be increased.
What I would recommend is to look into:
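As an added example (not code from the thread or from AWS), the following Python builds the trust policy an EC2 instance role needs and lints an arbitrary trust policy for the mistakes that matter for the answer above: a condition or principal that belongs in the permissions policy rather than the trust policy, a wildcard principal, a wildcard action, or a missing EC2 service principal. Role and service names other than `ec2.amazonaws.com` and `sts:AssumeRole` are placeholders; the sample policies are constructed for the demonstration.

```python
"""Build and lint the trust (assume-role) policy of an EC2 instance role.

Added example, not part of the original thread. The trust policy decides
WHO may assume the role (here: the EC2 service); what the role may do
lives in a separate permissions policy, which is why a condition that
restricts S3 or KMS access has no effect if placed here.
"""
import json

EC2_SERVICE = "ec2.amazonaws.com"
ASSUME_ACTIONS = ("sts:AssumeRole", "sts:*", "*")


def _as_list(value):
    """IAM accepts a string or a list in most fields; normalise to a list."""
    return value if isinstance(value, list) else [value]


def ec2_trust_policy():
    """Return the minimal trust policy for a role used via an instance profile."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Principal": {"Service": EC2_SERVICE},
                "Action": "sts:AssumeRole",
            }
        ],
    }


def lint_trust_policy(policy):
    """Return a list of human-readable findings; an empty list is a clean policy.

    Only Allow statements are examined: a Deny never widens access.
    """
    findings = []
    ec2_allowed = False
    for i, stmt in enumerate(_as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal", {})
        actions = _as_list(stmt.get("Action", []))

        # Anyone, in any account, could assume the role: the worst case.
        if principal == "*" or principal == {"AWS": "*"}:
            findings.append(f"statement {i}: wildcard principal can assume this role")
            continue
        if not isinstance(principal, dict):
            findings.append(f"statement {i}: unexpected principal {principal!r}")
            continue

        for action in actions:
            if action in ("sts:*", "*"):
                findings.append(f"statement {i}: wildcard action {action}")

        # An instance role should trust the EC2 service and nothing else.
        for key in principal:
            if key != "Service":
                findings.append(
                    f"statement {i}: {key} principal present; an instance role "
                    "should trust only the EC2 service"
                )
        services = _as_list(principal.get("Service", []))
        for svc in services:
            if svc != EC2_SERVICE:
                findings.append(f"statement {i}: also trusts {svc}")
        if EC2_SERVICE in services and any(a in ASSUME_ACTIONS for a in actions):
            ec2_allowed = True

    if not ec2_allowed:
        findings.append(
            f"no statement lets {EC2_SERVICE} call sts:AssumeRole; EC2 cannot use this role"
        )
    return findings


if __name__ == "__main__":
    policy = ec2_trust_policy()
    print(json.dumps(policy, indent=2))
    print("findings:", lint_trust_policy(policy) or "none")
```

Once the trust policy passes the lint, the wiring is four AWS CLI calls: `aws iam create-role --role-name <role> --assume-role-policy-document file://trust.json`, `aws iam create-instance-profile --instance-profile-name <profile>`, `aws iam add-role-to-instance-profile --instance-profile-name <profile> --role-name <role>`, and `aws ec2 associate-iam-instance-profile --instance-id <id> --iam-instance-profile Name=<profile>`. Because a profile holds exactly one role, a second `add-role-to-instance-profile` against the same profile is rejected by the API rather than stacking roles; the permissions you want the instance to have go into policies attached to that single role.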