Loki s3 error, can't send data to s3

Hi all,

I can’t send data to s3.
I took an example from the documentation, but I get an error in the logs. Without s3 everything works fine.

level=error ts=2022-11-12T10:30:51.610538387Z caller=flush.go:220 org_id=fake msg=“failed to flush user” err="AccessDenied: Access Denied\n\tstatus code: 403, request id: 6a290faf19228ec6, host id: "

What am I doing wrong?

auth_enabled: false

server:
  http_listen_port: 3100
  grpc_listen_port: 9096

ingester:
  wal:
    enabled: true
    dir: /tmp/wal
  lifecycler:
    address: 127.0.0.1
    ring:
      kvstore:
        store: inmemory
      replication_factor: 1
    final_sleep: 0s
  chunk_idle_period: 1h     
  max_chunk_age: 1h          
  chunk_target_size: 1048576 
  chunk_retain_period: 30s   
  max_transfer_retries: 0     

schema_config:
  configs:
    - from: 2020-10-24
      store: boltdb-shipper
      object_store: s3
      schema: v11
      index:
        prefix: index_
        period: 24h

storage_config:
  boltdb_shipper:
    active_index_directory: /tmp/loki/boltdb-shipper-active
    cache_location: /tmp/loki/boltdb-shipper-cache
    cache_ttl: 24h        
    shared_store: s3
  aws:
   s3: s3://KeyId:AccessKey@endpoint/bucket_name
   s3forcepathstyle: true
compactor:
  working_directory: /tmp/loki/boltdb-shipper-compactor
  shared_store: s3

limits_config:
  reject_old_samples: true
  reject_old_samples_max_age: 168h

chunk_store_config:
  max_look_back_period: 0s

table_manager:
  retention_deletes_enabled: false
  retention_period: 0s

ruler:
  storage:
    type: local
    local:
      directory: /tmp/loki/rules
  rule_path: /tmp/loki/rules-temp
  alertmanager_url: http://localhost:9093
  ring:
    kvstore:
      store: inmemory
  enable_api: true
  

Error is quite clear, access denied. How are you deploying loki? How are you making sure the necessary permissions are granted?