for me it was that the AWS_ACCESS_KEY_ID were created as "protected". if you're not running the pipeline from protected branch (which I suppose you don't) then these vars are not exposed. just disable the "protected" checkbox