Do you have to use a public IP for that EC2 instance for other reasons? If not, you can tell it not to assign a public IP, and then you have a private instance.
If you have to keep the instance public, but want to protect the Airbyte controls, you could look at using a Security Group to allow only a specific IP range to connect to that port number, instead of letting the whole world connect. That would work if you access it yourself from a consistent IP such as a company network or company VPN.
Another option might be to put an nginx or similar web server in front of Airbyte as a proxy, with authentication required for that, and it forwards to Airbyte behind the scenes after authentication passes.
Do any of those seem like they will work for you, or do you need other ideas?
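
To check whether the Security Group restriction suggested above is really in place, here is an added example (not part of the original reply) that audits ingress rules in the shape returned by `aws ec2 describe-security-groups`. The group ids, the CIDR ranges and port 8000 are constructed placeholders; substitute the port your Airbyte UI listens on and your own allowed range.

```python
import ipaddress

# Constructed sample in the shape of `aws ec2 describe-security-groups` output.
# Group ids, CIDRs and port 8000 are assumed values for illustration only.
SAMPLE_GROUPS = [
    {"GroupId": "sg-open-example", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 8000, "ToPort": 8000,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
    {"GroupId": "sg-restricted-example", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 8000, "ToPort": 8000,
         "IpRanges": [{"CidrIp": "203.0.113.0/24"}], "Ipv6Ranges": []},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
    {"GroupId": "sg-alltraffic-example", "IpPermissions": [
        {"IpProtocol": "-1",
         "IpRanges": [{"CidrIp": "198.51.100.7/32"}],
         "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
]


def rule_covers_port(perm, port):
    """True if the rule applies to TCP `port`; protocol "-1" means all traffic."""
    if perm["IpProtocol"] == "-1":
        return True
    if perm["IpProtocol"] != "tcp":
        return False
    return perm["FromPort"] <= port <= perm["ToPort"]


def exposed_sources(group, port, allowed_cidrs):
    """Return CIDR sources that can reach `port` but lie outside `allowed_cidrs`.

    Only CIDR sources are checked; rules that reference other security
    groups or prefix lists are not evaluated here.
    """
    allowed = [ipaddress.ip_network(c) for c in allowed_cidrs]
    findings = []
    for perm in group.get("IpPermissions", []):
        if not rule_covers_port(perm, port):
            continue
        cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        for cidr in cidrs:
            net = ipaddress.ip_network(cidr)
            if not any(net.version == a.version and net.subnet_of(a) for a in allowed):
                findings.append(cidr)
    return findings


if __name__ == "__main__":
    for g in SAMPLE_GROUPS:
        print(g["GroupId"], exposed_sources(g, 8000, ["203.0.113.0/24"]))
```

An empty list for a group means every CIDR source that can reach the port falls inside the allowed range; note that an "all traffic" rule (protocol `-1`) exposes the port even though it never names it.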