I need restriction access for the specific instance for the aws new feature called secure EIC Connection?

I need restriction access for the specific instance for the AWS new feature called secure EIC Connection.

1. If I am using this custom policy, The instance was successfully connected.

{ "Version": "2012-10-17", "Statement": [ { "Sid": "VisualEditor0", "Effect": "Allow", "Action": [ "ec2-instance-connect:OpenTunnel", "ec2-instance-connect:SendSSHPublicKey", "ec2-instance-connect:SendSerialConsoleSSHPublicKey" ], "Resource": *" } ] }

2. If I am using specific arn in the custom policy

{ "Version": "2012-10-17", "Statement": [ { "Sid": "VisualEditor0", "Effect": "Allow", "Action": [ "ec2-instance-connect:OpenTunnel", "ec2-instance-connect:SendSSHPublicKey", "ec2-instance-connect:SendSerialConsoleSSHPublicKey" ], "Resource": "arn:aws:ec2:ap-south-1:742096941866:instance/i-0e610b0467e3c0a4c" } ] }

I getting this error { C:\Users\Karthik>aws ec2-instance-connect ssh --instance-id i-0e610b0467e3c0a4c 2023-09-27 19:56:35,644 - awscli.customizations.ec2instanceconnect.websocket - ERROR - {"ErrorCode":"AccessDeniedException","Message":"User: arn:aws:iam::742096941866:user/Kratos is not authorized to perform: ec2-instance-connect:OpenTunnel on resource: arn:aws:ec2:ap-south-1:744096931876:instance-connect-endpoint/eice-03cec2d7947718afb because no identity-based policy allows the ec2-instance-connect:OpenTunnel action"}

AWS_ERROR_HTTP_WEBSOCKET_UPGRADE_FAILURE: Failed to upgrade HTTP connection to Websocket. kex_exchange_identification: Connection closed by remote host Connection closed by UNKNOWN port 65535

}

Please help me to resolve this issue.