Some ideas:
When you were on the CloudTrail configuration screen and it asked you if you wanted to create a new S3 bucket, try saying Yes and allowing AWS to define the correct permissions for that bucket for you automatically. There may be something missing there. If you don't want to do that, be sure to follow the AWS documentation for how to get the permissions correct here. (http://docs.aws.amazon.com/awscloudtrail/latest/userguide/create-s3-bucket-policy-for-cloudtrail.html)
Just checking, since you have your region redacted in your AWS console screenshots -- did you make sure the region you are using here matches the one you used in AWS?
When you try to manage settings in the inputs.conf file, please be sure to copy default/inputs.conf to local and edit there to save yourself future pain. Not relevant to your current troubleshooting, just a best practice.
Also in the conf file, it looks like you used your key ID for the aws_account parameter, but it expects the account friendly name there. Could account for the error.
Be sure to follow the documentation to add all the other parameters that you need: http://docs.splunk.com/Documentation/AddOns/released/AWS/ConfigureInputs#CloudTrail_inputs The default file you were editing doesn't include them all. Note that for the queue name, it just expects the final segment of the full queue URL. For example, if your SQS queue URL is http://sqs.us-east-1.amazonaws.com/123456789012/testQueue, then your SQS queue name is testQueue.
I just re-tested the steps with a new user that I put in a new group and attached ONLY the CloudTrail policy from the documentation to that group, and it is working for me. I suspect there is something awry with your policies, probably the one on the S3 bucket.
Hope this helps!
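To go with the bucket-policy suggestion in the answer above, here is an added example (not part of the original answer, and not Splunk or AWS code) that checks a bucket policy document for the two grants CloudTrail needs. It assumes the service-principal form of the AWS-documented policy and exact-match resource ARNs with no wildcards or log prefix; the bucket name, account IDs and sample policy are constructed placeholders.

```python
import json

# Constructed sample policy (placeholder bucket and account IDs). The PutObject
# resource names the wrong account ID, so CloudTrail cannot write to its prefix.
SAMPLE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "AclCheck", "Effect": "Allow",
         "Principal": {"Service": "cloudtrail.amazonaws.com"},
         "Action": "s3:GetBucketAcl",
         "Resource": "arn:aws:s3:::example-trail-bucket"},
        {"Sid": "Write", "Effect": "Allow",
         "Principal": {"Service": "cloudtrail.amazonaws.com"},
         "Action": "s3:PutObject",
         "Resource": "arn:aws:s3:::example-trail-bucket/AWSLogs/000000000000/*"},
    ],
})

CLOUDTRAIL = "cloudtrail.amazonaws.com"

def _as_list(value):
    # Policy fields may be a single string or a list of strings.
    return value if isinstance(value, list) else [value]

def _grants(stmt, action, resource):
    """True if stmt allows `action` on `resource` to the CloudTrail service principal."""
    principal = stmt.get("Principal", {})
    services = _as_list(principal.get("Service", [])) if isinstance(principal, dict) else []
    return (stmt.get("Effect") == "Allow" and CLOUDTRAIL in services
            and action in _as_list(stmt.get("Action", []))
            and resource in _as_list(stmt.get("Resource", [])))

def check_cloudtrail_bucket_policy(policy_json, bucket, account_id):
    """Return a list of problems; an empty list means the policy matches the documented shape."""
    stmts = _as_list(json.loads(policy_json).get("Statement", []))
    bucket_arn = f"arn:aws:s3:::{bucket}"
    log_arn = f"{bucket_arn}/AWSLogs/{account_id}/*"
    problems = []
    if not any(_grants(s, "s3:GetBucketAcl", bucket_arn) for s in stmts):
        problems.append("missing s3:GetBucketAcl on " + bucket_arn)
    writes = [s for s in stmts if _grants(s, "s3:PutObject", log_arn)]
    if not writes:
        problems.append("missing s3:PutObject on " + log_arn)
    elif not any(s.get("Condition", {}).get("StringEquals", {}).get("s3:x-amz-acl")
                 == "bucket-owner-full-control" for s in writes):
        problems.append("s3:PutObject statement lacks the documented s3:x-amz-acl condition")
    return problems

if __name__ == "__main__":
    for p in check_cloudtrail_bucket_policy(SAMPLE_POLICY, "example-trail-bucket", "123456789012"):
        print(p)
```

Paste the JSON from the bucket's Permissions tab in place of the sample; the tool only reads the document and makes no AWS calls.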