Simplest and tightest way to secure S3 buckets for static websites

Hi folks, I am trying to find clear and up-to-date docs that describe the "minimal" and most "tight" (but simplest) way (using the Permissions tab options on the S3 console) to secure my S3 bucket from Public 'writes' while using it serve a static website. As i understand it the Bucket Policy should read as below [1]. However, the docs for "Block Public Access" settings (the 1st tab) are not clear to me and I cannot find a combination of the public access settings that does not result in a scary 'warning' about public access (e.g., there are 4 boolean settings there along the lines of: "Block public access to buckets and objects granted through new access control lists (ACLs)", and so on (3 other related settings)).

Any clear notes or thoughts? Thank you!

ref: [1]:

{
  "Version":"2012-10-17",
  "Statement":[{
	"Sid":"PublicReadGetObject", "Effect":"Allow", "Principal": "*",
      "Action":["s3:GetObject"],
      "Resource":["arn:aws:s3:::example-my-bucket-id/*"
      ]
    }
  ]
}

Edited by: beanstalkfalch on Sep 3, 2019 7:19 AM