The aws-s3-basic-auth project contains a setup for protecting access to S3 bucket with HTTP Basic Authentication.

The setup creates a CloudFront distribution for serving files from the target bucket. A custom Lambda@Edge function is used to authenticate all requests made to the CloudFront distribution. CloudFront authenticates itself to S3 using a custom Origin Access Identity which prevents direct access to the contents of S3.

The entire setup can be deployed through CloudFormation to protect access to any existing S3 bucket.