Can I host a static website on a private Amazon S3 bucket and then serve the website using CloudFront?

No, you can't serve a static website hosted on a private bucket. Static website hosting on Amazon S3 uses a website endpoint, which doesn't support content that requires authentication (private content).

To limit access to your website hosted on Amazon S3 and served through CloudFront, you can do one of the following:

• Allow website (bucket) access only through the CloudFront distribution. To do this, the origin domain name on the distribution must be the bucket's REST API endpoint instead of its website endpoint. Additionally, you must add an origin access identity to the distribution. This configuration doesn't require public read access to the bucket.
• Allow website access only from a certain IP address or Amazon Virtual Private Cloud (Amazon VPC) using a bucket policy. To do this, you can keep the website endpoint as the origin domain name on the distribution. The bucket policy denies access to requests unless the request is from a specific IP address or VPC.
• Allow public read access to only certain files instead of the entire bucket. Then, only those files are accessible through the website endpoint.