I want to allow users to run/stop EC2 instances only in permitted subnets, but the following code didn't work:
{
  "Effect": "Allow",
  "Action": [
    "ec2:RunInstances",
    "ec2:TerminateInstances",
    "ec2:StopInstances",
    "ec2:StartInstances",
    "ec2:RunScheduledInstances",
    "ec2:UnmonitorInstances"
  ],
  "Resource": [
    "*"
  ],
  "Condition": {
    "ForAnyValue:ArnEquals": {
      "ec2:Subnet": [
        "arn:aws:ec2:*:*:subnet/subnet-*******",
        "arn:aws:ec2:*:*:subnet/subnet-*******",
        "arn:aws:ec2:*:*:subnet/subnet-*******"
      ]
    }
  }
}