I could not find a way to do this, and this article, How to use trust policies with IAM roles, confirms this:
Several customers have asked if it’s possible to design a trust policy for an IAM role such that it can only be passed to a specific Amazon EC2 instance. This isn’t directly possible. You cannot place the Amazon Resource Name (ARN) for an EC2 instance into the Principal of a trust policy, nor can you use tag-based condition statements in the trust policy to limit the ability for the role to be used by a specific resource. The only option is to manage access to the iam:PassRole action within the permission policy for those IAM principals you expect to be attaching IAM roles to AWS resources. This special Action is evaluated when a principal tries to attach another IAM role to an AWS service or AWS resource.
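
Since the control point is the `iam:PassRole` permission in identity policies, one way to audit those policies is sketched below. This is an added example, not code from AWS or from the original answer: it flags Allow statements that grant `iam:PassRole` on a wildcard resource or without an `iam:PassedToService` condition. The sample policy, account ID and role name are constructed.

```python
import fnmatch
import json

# Constructed sample identity policy; account ID and role name are placeholders.
SAMPLE_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {"Sid": "ScopedPassRole", "Effect": "Allow", "Action": "iam:PassRole",
     "Resource": "arn:aws:iam::111122223333:role/app-instance-role",
     "Condition": {"StringEquals": {"iam:PassedToService": "ec2.amazonaws.com"}}},
    {"Sid": "BroadPassRole", "Effect": "Allow",
     "Action": ["ec2:RunInstances", "iam:*"], "Resource": "*"}
  ]
}
""")

def _as_list(value):
    return value if isinstance(value, list) else [value]

def grants_passrole(stmt):
    """True if an Allow statement covers iam:PassRole (action names are case-insensitive)."""
    if stmt.get("Effect") != "Allow":
        return False
    def match(patterns):
        return any(fnmatch.fnmatchcase("iam:passrole", p.lower()) for p in _as_list(patterns))
    if "NotAction" in stmt:  # Allow + NotAction grants everything not listed
        return not match(stmt["NotAction"])
    return match(stmt.get("Action", []))

def audit_passrole(policy):
    """Return (sid, problems) for each statement that grants iam:PassRole too broadly."""
    findings = []
    for i, stmt in enumerate(_as_list(policy["Statement"])):
        if not grants_passrole(stmt):
            continue
        problems = []
        # A missing Resource (e.g. NotResource is used) is treated as a wildcard.
        if any("*" in r or "?" in r for r in _as_list(stmt.get("Resource", "*"))):
            problems.append("wildcard role resource")
        cond_keys = {k.lower() for op in stmt.get("Condition", {}).values() for k in op}
        if "iam:passedtoservice" not in cond_keys:
            problems.append("no iam:PassedToService condition")
        if problems:
            findings.append((stmt.get("Sid", f"statement[{i}]"), problems))
    return findings

if __name__ == "__main__":
    for sid, problems in audit_passrole(SAMPLE_POLICY):
        print(f"{sid}: {', '.join(problems)}")
```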