Building apps with EndpointSecurity entitlements in Amazon EC2 Mac instances

I'm thinking of transitioning the build infrastructure from locally managed build machines to the cloud. Unfortunately Xcode Cloud is not an option as I'm building an EndpointSecurity app, and then run build scripts to package it into a pkg. So I'm looking into using Amazon EC2 instances for it. Apps with EnpointSecurity entitlements require special provisioning profiles during codesigning, which can be easily setup in Xcode project and then fetched during xcodebuild when -allowProvisioningUpdates is passed. But this requires signing in with developer account in Xcode and also automatically adds the device to the Apple development program. In case of building with random EC2 instances it can be a new machine each time, and using a flag -allowProvisioningDeviceRegistration will quickly reach a quota of 100 device. How can this be solved? Will adding a logged in Xcode to an AMI image just once help?