I have AWS SSO users with login like firstname.lastname.
I would like to have a policy like this:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "ec2:SomeAction",
      "Resource": ["*"],
      "Condition": {
        "StringEquals": {
          "ec2:ResourceTag/User": "${firstname.lastname}"
        }
      }
    },
    {
      "Effect": "Allow",
      "Action": "ec2:DescribeInstances",
      "Resource": "*"
    }
  ]
}
Of course, ${firstname.lastname} should be dynamically filled using SSO data.
It's my understanding of reference_policies_variables that it is not straightforward.
Is there a way?