I don't see how this server block is active.
That "if ($host..." redirect is correctly used in a server block for port 80 to redirect to HTTPS (443). Your block2 is for port 443 already so this redirect would come back to itself causing a loop.
The "if" combined with the "return 404" are only helpful when that server block is also your default. That means you either explicitly set it as such or it is the first server block nginx sees which becomes the default.
These make sure only valid SNI requests for that domain name are redirected to HTTPS (when properly in an HTTP server block). Often bots and IP scanners are not well-behaved so this keeps some load off your server to handle the second request. It also doesn't "leak" info about your domain name if the scanner was just using an IP address (although this is somewhat obscure).
Having these in other server blocks is not (usually) helpful as nginx will only choose non-default server blocks for legit SNI requests matching the server_name. I say usually because people can do weird things with listen clauses where this can get messy.
UPDATE:
Also, you should remove the AAAA record from the DNS for aws.osmium.app until you are able to get it working. And, you should try to do that.
But, connections on IPv6 are not working right now so the faulty AAAA can cause problems.
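
The layout described in the reply above, as an added illustration (not part of the original reply and not the poster's actual configuration); example.com, the certificate paths and the document root are placeholders:

```nginx
# Constructed example; example.com and all file paths are placeholders.

# Port 80: explicitly marked as the default server, so it also receives
# requests whose Host header matches no server_name (for example, a scanner
# connecting by bare IP address).
server {
    listen 80 default_server;
    server_name example.com;

    # Redirect only requests that actually name this domain.
    if ($host = example.com) {
        return 301 https://$host$request_uri;
    }

    # Anything else that lands here gets no redirect, so the response
    # does not reveal the domain name and no second request follows.
    return 404;
}

# Port 443: no "if ($host ...)" redirect in this block. Requests that reach
# it are already HTTPS, so a redirect to https://$host would point straight
# back at this same block.
server {
    listen 443 ssl;
    server_name example.com;

    ssl_certificate     /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;

    root /var/www/example;
}
```

Running `nginx -t` after editing checks the syntax before the configuration is reloaded.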