I am trying to write an IAM policy which will control access to EC2 instances. All EC2 instances will have a custom tag called username, and only if the tag value matches the logged-in user's user name will that user have access to that EC2 instance. This is what I came up with:
I am sure you see the problem here. I don't want to hard-code the username value on the right-hand side. I want to be able to get that information at runtime or policy evaluation time.
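An added example, not part of the original post: IAM policy variables are resolved at evaluation time, so the `username` tag can be compared against `${aws:username}` instead of a literal. The action list, the wildcard region/account in the ARNs, and the extra Deny statement (which keeps users from re-tagging instances to themselves) are assumptions chosen for illustration.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "ListInstances",
      "Effect": "Allow",
      "Action": "ec2:DescribeInstances",
      "Resource": "*"
    },
    {
      "Sid": "OperateInstancesTaggedWithCallerName",
      "Effect": "Allow",
      "Action": [
        "ec2:StartInstances",
        "ec2:StopInstances",
        "ec2:RebootInstances"
      ],
      "Resource": "arn:aws:ec2:*:*:instance/*",
      "Condition": {
        "StringEquals": {
          "aws:ResourceTag/username": "${aws:username}"
        }
      }
    },
    {
      "Sid": "DenyChangingTheUsernameTag",
      "Effect": "Deny",
      "Action": [
        "ec2:CreateTags",
        "ec2:DeleteTags"
      ],
      "Resource": "arn:aws:ec2:*:*:instance/*",
      "Condition": {
        "ForAnyValue:StringEquals": {
          "aws:TagKeys": "username"
        }
      }
    }
  ]
}
```

`"Version": "2012-10-17"` is required for the variable to be substituted, and `ec2:DescribeInstances` does not support resource-level conditions, which is why it sits in its own statement. `aws:username` is only present for IAM users, so a federated or assumed-role session will not match the tag condition.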