Deploying Ansible in EC2 and managing playbook access via IAM roles

I am setting up a fresh EC2 deployment for a client and am hoping to do the following:

  1. Set up a management host for the cluster and deploy Ansible to it along with the client’s playbooks
  2. Allow users to successfully execute playbooks based on whether their IAM user has been assigned the IAM role for a service

Does Ansible support a setup like this? How would the IAM credentials (or role) be specified? I assume the idea would be to create a linux user mapping to each IAM user, but not positive on this.

The alternative it seems is to have users run Ansible from their local machine via a jump host where each of the IAM credentials can be self-managed.