S3 Secret access keys can contain special characters like /. When they do
1) FileSystemFromUri will fail to parse the URI unless you URL-encode them (e.g. replace / with %2F)
2) When you do escape the special characters, requests that require authorization fail with the message "The request signature we calculated does not match the signature you provided. Check your key and signing method." This may suggest that there's some extra URL encoding/decoding that needs to happen inside.
I was only able to work around this by generating a new access key that happened not to have special characters.