Have you seen the topic "Add or remove a public key on your instance" in the EC2 User Guide? You can find it at this link: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/replacing-key-pair.html
It explains how to add a different public key on your EC2 instance, and then share the matching private key with someone who needs to connect to the instance. You can then remove the public key when you no longer want to allow that person to connect to the instance.
Another option is to use EC2 Instance Connect. You can read about EC2 Instance Connect at this link: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Connect-using-EC2-Instance-Connect.html
With EC2 Instance Connect, you can create an IAM policy that you attach to an IAM user. The policy will specify that the action to connect using EC2 Instance Connect is only allowed for the specified instance. You can find the information for setting this up in the link shared above.
I hope this helps!
Hope your use-case is specific to provision access to an EC2 instance, you could explore SystemsManager-SessionManager.
You could limit access to instances, if your use-case needs clients only access data and not the instance. There are several different ways to approach this based on the use-case.
Client VPN access to VPCasked a year ago
Client VPN Endpoint Creation - Not Detecting Client Certificate in ACMAccepted Answerasked 4 years ago
UE4+Gamelift client connection failsAccepted Answerasked 8 months ago
AWS Client VPN Please add support for Login / Logout scripts like OpenVPN hasasked 6 months ago
AWS MSK - Creating a client Machineasked 2 months ago
AWS instance end Credentialsasked 2 months ago
Created an instance to demo content to prospective client - Help creating client temporary login credentials.asked 9 days ago
Generate OIDC token from EC2 assigned IAM Role temporary credentialsasked 7 months ago
Nice DCV - Limit client access to applicationsAccepted Answerasked 3 months ago
How to allow a role to attach role to an instance?asked 2 years ago