Amazon S3 has completed a change so unauthorized requests that customers did not initiate are free of charge. With this change, bucket owners will never incur request or bandwidth charges for requests that return an HTTP 403 (Access Denied) error response if initiated from outside their individual AWS account or AWS Organization. To see the full list of error codes that are free of charge, visit Billing for Amazon S3 error responses. This billing change requires no changes to customer applications and applies to all S3 buckets.
This change was first announced on May 13, 2024, and was applied to most S3 APIs within several weeks. Now, this change is effective across all S3 APIs in all AWS Regions, including the AWS GovCloud (US) Regions and AWS China Regions. To learn more, visit Billing for Amazon S3 error responses and Error Responses in the S3 User Guide.
Source: AWS