I am trying to connect my Loki instance to S3 bucket so I can save log chunks in the cloud. Here is the config that I am applying:
I have the following policy for the bucket:
but I keep getting the following error:
level=error ts=2022-02-28T17:31:53.967586933Z caller=flush.go:221 org_id=53299a67678118040c008cac msg="failed to flush user" err="open <bucket_hash>: permission denied"
Any idea what I might be missing?
… more to the point I have successfully connected my ruler to an S3 bucket successfully using the following config:
this is the config I ended up using for myself. I tried many different ways…
If I recall correctly, the secret key can not contain the character
/ or it wont work.
Hope that helps
Hey b0b. Thanks for reaching out. I think I have already tried that and still the same result. Maybe I need remove some of the other defined properties, like bucketnames or region (since they are defined in that URL).
Also … are there any other characters that would need escaping apart from ‘/’?
That is the whole
aws: part. I would remove
And for escaping the
/, again, if I remember correctly, I was not able to escape it, I generated a new key until I got one without a forward slash.
It turned out to be a different problem. The object store for the boltd-shipper, had to be specified to be in the same storage as the log chunks storage.
However your suggestion was helpful to determine that I had the correct connection configuration.
@georgikavalovexterna mind posting a sanitized version of your config. Having the same permission denied issue in EKS trying to use OIDC roles and thinking it might be due to s3 somehow even though it works with the single node deploy of loki