Yes, you can. You need to first assign some relevant and common tags to the EC2 instances in question, and then restrict the IAM policy access only to those instances using `ec2:ResourceTag/tag-key`.
Check this example:
Here is the relevant code from the above example:

```json
{
  "Effect": "Allow",
  "Action": "ec2:TerminateInstances",
  "Resource": "arn:aws:ec2:us-east-1:123456789012:instance/*",
  "Condition": {
    "StringEquals": {
      "ec2:ResourceTag/purpose": "test"
    }
  }
}
```
This way, you can restrict access to only those instances that have the necessary tags.
Read more about Tagging here. Hope this helps.
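To see why the condition key does the restricting, here is an added example (not part of the answer above) that models IAM's evaluation of that statement offline: action and resource ARN are matched with IAM-style wildcards, the instance's tags are surfaced as `ec2:ResourceTag/<key>` context keys, and anything not explicitly allowed falls to the implicit deny. The policy document wrapper, the instance IDs and the `evaluate` helper are constructed for illustration.

```python
import fnmatch

# Constructed: the statement from the answer, wrapped in a full policy document.
POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": "ec2:TerminateInstances",
        "Resource": "arn:aws:ec2:us-east-1:123456789012:instance/*",
        "Condition": {"StringEquals": {"ec2:ResourceTag/purpose": "test"}},
    }],
}

def _as_list(v):
    return v if isinstance(v, list) else [v]

def _glob(value, patterns):
    # IAM '*' and '?' wildcards; action names are case-insensitive, ARNs are not.
    return any(fnmatch.fnmatchcase(value, p) for p in _as_list(patterns))

def condition_matches(condition, context):
    """All operators and keys must hold (AND); values within one key are OR.
    Only StringEquals / StringNotEquals are modelled here."""
    for operator, pairs in condition.items():
        for key, expected in pairs.items():
            actual = context.get(key)
            if operator == "StringEquals" and actual not in _as_list(expected):
                return False  # a missing tag also fails StringEquals
            if operator == "StringNotEquals" and actual is not None \
                    and actual in _as_list(expected):
                return False
    return True

def evaluate(policy, action, resource_arn, tags):
    """Return 'Allow' or 'Deny' for one request: explicit deny wins,
    otherwise a matching Allow is needed, otherwise implicit deny.
    tags: the target instance's tags, exposed as ec2:ResourceTag/<key>."""
    context = {f"ec2:ResourceTag/{k}": v for k, v in tags.items()}
    decision = "Deny"
    for stmt in policy["Statement"]:
        if not _glob(action.lower(), [a.lower() for a in _as_list(stmt["Action"])]):
            continue
        if not _glob(resource_arn, stmt["Resource"]):
            continue
        if not condition_matches(stmt.get("Condition", {}), context):
            continue
        if stmt["Effect"] == "Deny":
            return "Deny"
        decision = "Allow"
    return decision
```

Run against a tagged and an untagged instance the helper shows that only `purpose=test` instances in that account and region can be terminated; in a real account, make sure the same principal cannot also retag instances (`ec2:CreateTags`/`ec2:DeleteTags`), or the tag-based restriction can be undone by the user it is meant to constrain.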