Are transfers of files into S3 made using the AWS PHP SDK secure against eavesdropping attacks by default, and if not, what do I need to do in order to make them so?
The default scheme for all services connected to by the SDK is HTTPS (see http://docs.aws.amazon.com/aws-sdk-php/v3/guide/guide/configuration.html#scheme) so yes, any communication is secure against eavesdropping by default.