After 14 days it should be encrypted independent of any AWS encryption as someone mentioned in the other Capital One thread and the key should not be stored on a S3 container or some obvious service that can be easily compromised.

Keeping all your eggs in one basket (the cloud) is never a good idea. If you have to do it try and give yourself as much control over sensitive data via encryption of no longer to be accessed data.