IF you just want to redirect the HTTP url to HTTPS url, then you could just configure it inside CloudFront. Under the Behaviours tab you can set the** Viewer Protocol Policy** to Redirect HTTP to HTTPS. More details available here.
Depending how you have done the 301 on S3 bucket, it might be returning the S3 bucket URL instead of the CloudFront URL. You can also prevent direct access to the S3 bucket by using the Origin Access Control. With this setup only your CloudFront can fetch files from S3 and Public access to S3 bucket is denied. You can read more about creating new origin access control here. (This setup still allows you to use AWS CLI and S3 API to manipulate objects inside the bucket)
If you have any concerns about the billing, please open customer support case. You are able to open Account and billing -cases even with basic support.
Redirect domain old to new domain automaticallyasked 3 months ago
HTTPS/TLS + static S3 websitesAccepted Answerasked 2 years ago
OAI or not OAI for serving a static website in S3 using CloudFrontasked 6 months ago
Cloudfront with a Lambda@Edge pointing to a private S3asked 2 years ago
New traffic from Irelandasked 7 days ago
S3 Static Website RoutingRules when using Cloudfront and a domain nameasked 3 years ago
How to use https with S3 (Alternate Domain Names) and Cloudfrontasked 3 years ago
Static bucket redirect requests append index.html to homepage URLasked 2 years ago
Is it possible to map an S3 static website to a public static IP address?Accepted Answerasked 2 years ago
Deploying a static website on S3 but using domain name from 123Regasked 3 months ago