If you are using S3 as a CDN, you will need to give WordPress' W3TC plugin access to your AWS account so it can upload files to S3 on behalf of you. The smart way to do this is to create a new AWS user who can only access what they need for W3TC to do its job. Who wants to store the keys to their whole AWS account in their WordPress based site? If that information is retrieved by a hacker, they could do tons of damage. If they only gain access to your site’s specific bucket, there is less damage to be done.