So it is possible but with caveats. On S3 you can restrict on IP Address access via the Access Policy but this only works if you are not using VPC<>S3 Gateways. You would also need to be running the servers that are accessing the S3 Bucket behind a NAT Gateway/Server or have them use an Elastic IP Address to ensure that you do not lose access and have stable addresses to pin against.
Your other option is to launch a webserver directly. You could use NGINX or some other simple webserver system to create a static website that you can then apply normal AWS Security Group rules against - which has different drawbacks in terms of how you get your schemas onto the server and deal with HA and redundancy but makes security easier to manage at a network level.
The most future proofed option however is to setup an Iglu Server setup instead. This is a slightly more complicated but allows you to set API Key based access to your schemas as well as applying all of the normal security group related networking limitations. More importantly it is also required for a lot of our new loader technology to function (like Redshift auto-migrations).