Can I create a resource like an EC2 instance and give access to someone in our corporate LDAP (without creating that user or mapping that user to IAM credentials in AWS)?
You would need to create a federation and map your LDAP groups to AWS roles, then apply IAM policies to those roles. Your LDAP users would then be assigned AWS roles based on their LDAP group membership. aws.amazon.com/identity/federation/
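As an added illustration of the answer above (example code written for this page, not from the thread's author or from AWS), the three pieces a SAML federation needs: the role's trust policy that lets the corporate IdP call `sts:AssumeRoleWithSAML`, a permission policy scoped to one EC2 instance, and the group-to-role mapping the IdP must express in the SAML `Role` attribute. It goes slightly beyond the answer by mapping several LDAP groups at once and by showing the default-deny outcome for a user in none of them. The account ID, SAML provider name, role names, LDAP group DNs and instance ID are all placeholders; a real deployment would create the provider and roles with the AWS CLI or boto3 from these documents.

```python
import json

# Placeholders, not values from the original thread.
ACCOUNT_ID = "123456789012"
SAML_PROVIDER_ARN = f"arn:aws:iam::{ACCOUNT_ID}:saml-provider/CorpLDAP"
AWS_SAML_AUDIENCE = "https://signin.aws.amazon.com/saml"

# LDAP group DN (lower-cased) -> IAM role name. Assumed group names.
GROUP_TO_ROLE = {
    "cn=ec2-ops,ou=groups,dc=example,dc=com": "LdapEc2Operators",
    "cn=ec2-readonly,ou=groups,dc=example,dc=com": "LdapEc2ReadOnly",
}


def trust_policy(saml_provider_arn):
    """Role trust policy: only the registered SAML IdP may assume the role,
    and only for assertions whose audience is the AWS sign-in endpoint.
    Without the SAML:aud condition, an assertion minted for some other
    service could be replayed against AWS."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"Federated": saml_provider_arn},
            "Action": "sts:AssumeRoleWithSAML",
            "Condition": {"StringEquals": {"SAML:aud": AWS_SAML_AUDIENCE}},
        }],
    }


def ec2_instance_policy(account_id, region, instance_id, actions):
    """Permission policy for one instance. ec2:Describe* actions do not
    support resource-level permissions, so they must be allowed on "*";
    the state-changing actions are pinned to the instance ARN."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Effect": "Allow", "Action": "ec2:Describe*", "Resource": "*"},
            {
                "Effect": "Allow",
                "Action": sorted(actions),
                "Resource": f"arn:aws:ec2:{region}:{account_id}:instance/{instance_id}",
            },
        ],
    }


def saml_role_attribute(ldap_groups, account_id, saml_provider_arn, mapping):
    """Values the IdP must emit in the SAML attribute
    https://aws.amazon.com/SAML/Attributes/Role, one "role-arn,provider-arn"
    pair per mapped group. A user with no mapped group gets an empty list,
    which means AWS has no role to hand out and the login is refused."""
    values = []
    for group_dn in ldap_groups:
        role_name = mapping.get(group_dn.lower())
        if role_name:
            values.append(f"arn:aws:iam::{account_id}:role/{role_name},{saml_provider_arn}")
    return values


if __name__ == "__main__":
    # Constructed sample: an operator who is also in an unrelated HR group.
    user_groups = [
        "CN=ec2-ops,OU=groups,DC=example,DC=com",
        "cn=hr,ou=groups,dc=example,dc=com",
    ]
    print(json.dumps(trust_policy(SAML_PROVIDER_ARN), indent=2))
    print(json.dumps(ec2_instance_policy(ACCOUNT_ID, "us-east-1",
                                         "i-0123456789abcdef0",
                                         ["ec2:StartInstances", "ec2:StopInstances"]),
                     indent=2))
    print(saml_role_attribute(user_groups, ACCOUNT_ID, SAML_PROVIDER_ARN, GROUP_TO_ROLE))
```

The policies are what you attach to each role; the IdP side (ADFS, Shibboleth, Okta and so on) is configured to emit `saml_role_attribute` for the user, plus a `RoleSessionName`. Because the federated user never exists in IAM, revoking access is a group-membership change in LDAP, and the instance-scoped policy keeps a compromised session from touching other instances in the account.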