If you're already using CMOD's Native encryption, there's no point is encrypting it a second time. it just adds overhead to all file operations...
If you're not using CMOD's Native Encryption... You should! It protects data from the moment it's loaded, and after that point, it shouldn't matter if it's accessible to the world as long as you can keep your encryption keys secret.
Finally, if I understand you correctly, you're suggesting that you would provide the unencrypted documents, *and* the encryption key (which is also the decryption key!) to the S3 server for it to do the work? That doesn't sound secure, since the key would leave your control on the CMOD server.
If you have any documentation or additional info on what you're trying to do, I'd love to read it. The cloud is a very new and strange thing for those of us who have already been working in IT for nearly 30 years.