As @Graham Hill pointed out in his answer, encrypt it properly before it goes up the wire.
Amazon does allow you to specify that you'd like them to encrypt your S3 objects, but as they admit in their documentation, you can (and should) encrypt your information before it gets to them. Their own encryption that they add to your objects before/during save only potentially protects you against someone malicious accessing Amazon's servers: think an attacker gaining access to Amazon's internal data-centers. Even in this case, it's not so clear that you'd be protected, as if an attacker has root access to a machine, he can easily extract the encryption keys.
What Most (Security-Conscious) People Do
The best advice would be to encrypt your files using well-known and proven methods, most likely PGP/GPG encryption in this case. A pitfall of PGP encryption, however is that it is simple to determine the file type by inspecting the contents:
# encrypt myfile.jpg using PGP encryption to a new file called "things"
$ gpg --output things --encrypt --recipient me@myemail.com myfile.jpg
# what kind of file is "things"?
$ file things
things: GPG encrypted data
However, just because you know that it's a PGP-encrypted file doesn't mean that you know what it contains, especially if you give it a random filename.
For the Truly Paranoid
An even better1 way of doing things would be to create a file-backed container using TrueCrypt2, which is for all intents and purposes purposes a binary blob which doesn't really reveal what exactly it is. Plus, you can use TrueCrypt's hidden volume feature to gain yourself plausible deniability. Give it a fun name like this:
$ uuid | sha256sum - | cut -b 1-64
a42815e0a68efac65903cdbbbbf2875ee082d3e5f4f8ee831cbbe27606a8399f
And you'll have a binary blob with an incoherent, randomly-generated name which is a TrueCrypt volume (and possibly contains an additional hidden volume). Anyone who would download this file wouldn't be able to guess at what the file even is and if you use a significantly strong passphrase, you should be safe.
Want to be paranoid? Generate a ton of these volumes, each with its own name and its own significantly strong passphrase and put your PGP/GPG encrypted files inside of the volumes. The volumes will have static sizes and will significantly change as you modify files inside of them.
1 Possibly.
2 Scared about the security of TrueCrypt volumes? Read the security audit, and know that after reading the Phase I audit, Bruce Schneier still uses it.