We're thinking to drop HTTP support, Thoughts?

If all you do on http is send a redirect to https, you might be able to do that on the loadbalancer itself, or have a minimum sized pool of origins that does it for all of your hosts, so all your loadbalancers would have port 80 sent to them.

If you have any inbound links to http content, you really should endeavor to make those continue to work forever.

All that said, when I ran a high volume website, I got hsts preloaded, and served favicon with hsts headers, but generally didn't redirect content pages to https. If the user had a browser supporting hsts, they would be on https, otherwise maybe they want to see the content, but their browser can't manage modern https. The page was public information only though, if you have private information, you may reasonably prefer to have server acceptable TLS or nothing.

If your domain has had HSTS for at least a year (long enough to be recognized by modern browsers) then you should be good. If not, then you'll still need port 80 for redirects.

Is there any way to leave the bots on port 80? As most browsers send users to https, you could use port 80 access as a signal these users are likely bots and should be treated as such? I just mention this because I know bot detection is itself an annoying problem... maybe you’ve found one possible way to at least learn who the bots are?

f you already forward every http request to https, then how are you serving http and how much?