I was/am having the same issue ... sort of. I am getting the same error message when testing the configuration.
I have tried to 'validate' the configuration 2 ways.
(1) AWS > Sect Creds > CloudFront > Access and Secret
(2) Create User / Group / Permissions via IAM with the AWS Policy Generator.
However, even though the plugin does not validate the Access Key and Secret Key... CloudFront is serving content for my domain / site. I know this because when viewing the page source in the browser the CNAME configured in Route 53 is visible. If you don't have Route 53 configured with a subdomain for CloudFront, you will just see something like #######.cloudfront.com
My guess is that the plugin validation needs to be updated, and I wouldn't worry about the "Empty Access Key" error if in fact CloudFront is serving content.