As I understand your question, you want to block direct access to your Lightsail storage bucket while using your Lightsail distribution to serve your content.
Lightsail is designed as a lightweight and easy-to-use platform for small to medium scale workloads. As a result, some features that you are used to with AWS's regular services (S3 Buckets and using CloudFront Origin Access Identities) are not available with Lightsail.
At this time, there is no way to block direct access to your Lightsail bucket while simultaneously serving it's content as you would with S3 Buckets and an OAI. The only available permissions for Lightsail buckets are the ones you mentioned in your question: "All objects are private", "Individual objects can be made public and read-only", and "All objects are public and read-only".
Moving to Cloudfront from LightSail Distributionasked a month ago
Lightsail Distribution not Resolvingasked 5 months ago
how to configure AWS cloudfront/distribution for plesk Ubuntu based wordpress website on lightsail instanceasked 3 months ago
Lightsail container as CloudFront Origin returns 404 No Such ServiceAccepted Answerasked 7 months ago
Lightsail S3 Bucket behind Lightsail Distributionasked 5 months ago
Using Lightsail with Cloudfrontasked 2 years ago
AWS lightsail Distribution (CDN) with C/panelasked 2 months ago
lightsail cdn default documentasked 8 months ago
Not able to attach a SSL certificate to a Lightsail distributionasked 5 months ago
How can i measure Data Transfer OUT from Amazon Lightsail Bucketasked 8 months ago