My company accesses a third-party website that uses a simple username + password authentication method. This vendor could restrict access to the application (website) to a defined IP range. We are trying to implement two-factor authentication (2FA) to protect the website. We don't have access to the vendor's source code for the website, so we cannot implement 2FA natively on the website.
I was thinking of creating an AWS EC2 instance with 2FA and restricting the third-party vendor website to just this IP.
Another option is to create a proxy server (with 2FA, I don't know if it is possible) and restrict the IP address to just the proxy.
Is it a best practice? Does anyone have another idea?