AWS S3 IAM policy for role for restricting few instances to connect to S3 bucket based on instance tag or instance id

梦谈多话 2020-12-12 00:23

I have an AWS S3 already associated with all the instances for read privileges to all S3 buckets. Now I need to add a policy to the roles for write privileges (Put object) so

2 answers
  •  死守一世寂寞
    2020-12-12 00:54

    The IAM Policy Elements Reference documentation says:

    aws:SourceArn – To check the source of the request, using the Amazon Resource Name (ARN) of the source. (This value is available for only some services.)

    However, the documentation does not state which services can use it.

    There are examples available for its use with SQS and SNS, with a sourceARN of an Amazon S3 bucket and also using sourceARN with Lambda. However, it does not appear to be supported with Amazon EC2.
