AWS Gov Cloud and the S3 File Reader
My company uses sub accounts under a master account to control access and track resources in AWS Gov Cloud. I am trying to get an account configured for the S3 File Reader that works in this configuration. Seems simple enough: I specify my access key and secret key and set the Cross Account IAM Role’s Role ARN field, but the validation is failing:
Failed to validate account: The security token included in the request is invalid. (Service: AWSSecurityTokenService; Status Code: 403; Error Code: InvalidClientTokenId; Request ID: 4961a29f-a875-4c69-9665-e640610bc840) (Reason: No reason provided by the snap; Resolution: No resolution provided by the snap)
On my local machine, my ~/.aws/config file looks something like this:
[default]
region = us-gov-west-1
[profile engineer]
role_arn = arn:aws-us-gov:iam::############:role/Sandbox_Administrator
source_profile = default
region = us-gov-west-1
and my ~/.aws/credentials file looks something like this:
[default]
aws_access_key_id = <redacted>
aws_secret_access_key = <redacted>
When I run AWS CLI commands, I have to add “--profile engineer” to the command line, but everything works properly.
Any clues as to what I need to do to make this work with the S3 File Reader?