The proxy_pass approach is correct, but please consider private connection between your EC2 instance and S3 bucket, so the content can be available only through established tunnel in AWS VPC network. Not doing that will result in bad things as:

• travelling each request packets through the world-wide-web until it will reach necessary AWS server with desired file;
• possibility of DDOS attack on your system;
• and, of course, more...

The full answer on how to achieve that you can find in my response on similar question here :)