HTTPS can be configured for communication from CloudFront to a custom origin, excluding S3 buckets. This will secure data in-transit to the origin, which is considered best practice. For more information, see the AWS documentation.
References:
https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/using-https-cloudfront-to-custom-origin.html
In Terraform -
For more information, see the Terraform documentation.
References:
https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudfront_distribution#origin_ssl_protocols