AWS IAM policy for Run Command, Patch Now, Put parameter and Start session based on resource tags

Question

As the heading suggests, I am struggling to develop an IAM policy that would achieve the following purely based on tags attached to EC2s:

1. On demand patching of EC2s