AWS IAM Show only untagged EC2 instances

Question

I\'m attempting to introduce a guest IAM policy to restrict the access to the EC2 instances. I\'m trying to reach that, the guest policy shows only that instances,

Answer 1

The use case to control which EC2 resources in same region IAM users can see based on tag (by other means) is not possible since all EC2 describe API calls do not support resource level permission.

Hence we cannot use EC2 conditions (except ec2:Region) with "ec2:Describe*" action. So, either you give permission to see resources or don't.