You can restrict the use of an IAM role by using IAM policies with conditions. Conditions can include IP addresses, VPCs, MFA, or specific times.
Example IAM Policy with Conditions:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "s3:*",
      "Resource": "arn:aws:s3:::example-bucket/*",
      "Condition": {
        "IpAddress": {
          "aws:SourceIp": "203.0.113.0/24"
        }
      }
    }
  ]
}
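
To see which requests the policy above actually allows, the following added example (not part of the original page, and not AWS's evaluation engine) models only the `IpAddress` operator and wildcard matching on `Action` and `Resource`. The function names, the object key and the sample requests are constructed for illustration.

```python
import fnmatch
import ipaddress
import json

# The policy shown above, embedded so the example runs offline.
POLICY = json.loads("""{"Version": "2012-10-17", "Statement": [{
  "Effect": "Allow", "Action": "s3:*",
  "Resource": "arn:aws:s3:::example-bucket/*",
  "Condition": {"IpAddress": {"aws:SourceIp": "203.0.113.0/24"}}}]}""")

def _as_list(value):
    return value if isinstance(value, list) else [value]

def ip_condition_ok(condition, context):
    """Simplified model: evaluates only the IpAddress operator."""
    for key, cidrs in condition.get("IpAddress", {}).items():
        value = context.get(key)
        if value is None:
            # Key absent from the request context: IpAddress does not match.
            return False
        addr = ipaddress.ip_address(value)
        if not any(addr in ipaddress.ip_network(c) for c in _as_list(cidrs)):
            return False
    return True

def is_allowed(policy, action, resource, context):
    """True if an Allow statement matches action, resource and condition."""
    for st in _as_list(policy["Statement"]):
        if st["Effect"] != "Allow":
            continue
        act = any(fnmatch.fnmatchcase(action.lower(), a.lower()) for a in _as_list(st["Action"]))
        res = any(fnmatch.fnmatchcase(resource, r) for r in _as_list(st["Resource"]))
        if act and res and ip_condition_ok(st.get("Condition", {}), context):
            return True
    return False  # nothing allowed it: implicit deny

# Constructed requests: (action, resource ARN, request context).
OBJ = "arn:aws:s3:::example-bucket/reports/q1.csv"
SAMPLES = [
    ("s3:GetObject", OBJ, {"aws:SourceIp": "203.0.113.25"}),    # inside the range
    ("s3:DeleteObject", OBJ, {"aws:SourceIp": "203.0.113.25"}), # s3:* covers deletes too
    ("s3:GetObject", OBJ, {"aws:SourceIp": "198.51.100.7"}),    # outside the range
    ("s3:GetObject", OBJ, {}),  # no aws:SourceIp, e.g. request via a VPC endpoint
    ("s3:ListBucket", "arn:aws:s3:::example-bucket", {"aws:SourceIp": "203.0.113.25"}),
]

if __name__ == "__main__":
    for action, resource, ctx in SAMPLES:
        print(action, resource, ctx, "->", is_allowed(POLICY, action, resource, ctx))
```

The last two samples are the ones to check before relying on this policy: a request with no `aws:SourceIp` in its context is not allowed, and the `example-bucket/*` resource covers objects but not the bucket ARN itself.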