FortiSIEM
FortiSIEM provides Security Information and Event Management (SIEM) and User and Entity Behavior Analytics (UEBA)
lucianag22
Staff
Article Id 397790

 

Description

This article explains how to solve the Test Connectivity error: failed (Invalid Credential or Timeout) with AWS CloudTrail API and FortiSIEM integration, even using the right credentials.

 

FailedAWS.jpg

Scope

FortiSIEM.
Solution
  1. Confirm that each step in the document below has been properly completed: AWS CloudTrail API
  2. Refer to the document below to obtain the Access Key ID and Secret Access Key: AWS Access Key IAM Permissions and IAM Policies
  3. If the error 'failed (Invalid Credential or Timeout)' still occurs after new access keys have been generated and after verifying that SQS, SNS, the S3 bucket, and CloudTrail are deployed in the same AWS region, the issue is likely due to the custom inline policy used for accessing the S3 bucket, as described in the document in item 2.
  4. To grant read-only access to a specific Amazon S3 bucket, use the following custom inline policy on the AWS side:

 

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "s3:GetObject",
        "s3:ListBucket"
      ],
      "Resource": [
        "arn:aws:s3:::bucket-name",
        "arn:aws:s3:::bucket-name/*"
      ]
    }
  ]
}

 

  5. It is necessary to refer to both the bucket itself, 'arn:aws:s3:::bucket-name', and the objects within the bucket, 'arn:aws:s3:::bucket-name/*'. After changing the policy, Test Connectivity should be successful.

     

Succeeded.jpg
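
The check below is an added example, not code from Fortinet or AWS: it inspects an inline policy offline and reports which of the two required grants is missing, since s3:ListBucket is evaluated against the bucket ARN and s3:GetObject against object ARNs. The function names and the sample key are hypothetical, and the check only looks at Allow statements with Action and Resource; Deny, Condition, NotAction and NotResource are not evaluated.

```python
import json
import re

def _as_list(value):
    # IAM lets Statement, Action and Resource be a single value or a list.
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def _matches(pattern, value, ignore_case=False):
    # IAM wildcards: '*' matches any run of characters, '?' exactly one.
    regex = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(regex, value, re.I if ignore_case else 0) is not None

def missing_s3_grants(policy_json, bucket, sample_key="constructed-object"):
    """Return the (action, ARN form) pairs that no Allow statement covers."""
    bucket_arn = f"arn:aws:s3:::{bucket}"
    # (action, ARN the action is checked against, ARN form to report)
    required = [
        ("s3:ListBucket", bucket_arn, bucket_arn),
        ("s3:GetObject", f"{bucket_arn}/{sample_key}", f"{bucket_arn}/*"),
    ]
    statements = _as_list(json.loads(policy_json).get("Statement"))
    missing = []
    for action, probe, shown in required:
        covered = any(
            st.get("Effect") == "Allow"
            and any(_matches(a, action, True) for a in _as_list(st.get("Action")))
            and any(_matches(r, probe) for r in _as_list(st.get("Resource")))
            for st in statements
        )
        if not covered:
            missing.append((action, shown))
    return missing

# Constructed sample: the article's policy with the bucket ARN left out.
OBJECTS_ONLY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": ["s3:GetObject", "s3:ListBucket"],
        "Resource": ["arn:aws:s3:::bucket-name/*"],
    }],
})

if __name__ == "__main__":
    for action, arn in missing_s3_grants(OBJECTS_ONLY, "bucket-name"):
        print(f"not allowed: {action} on {arn}")
```

An empty result means both ARN forms are covered for the bucket name passed in; any entry returned names the action and ARN form to add to the policy.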