Sure, variable names can be anything, not exactly AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY.
If you want to completely hide everything sensitive (even in encrypted form) from YAML, you can use environment deployment. However, be aware that this kind of deployment is asynchronous and a failed deployment will not fail the build. More details are here. You can always set a separate notification for environment deployment though.
Please let us know if this makes sense and if it fits your scenario.
Explicitly setting the access key id and secret access key in S3 deployment YAML does work for me, but it seems like it should be unnecessary when the AWS SDK will use the proper environment variables if allowed.
For example, in Travis CI, setting AWS_ACCESS_KEY_ID in the UI as secure, the S3 provider will then implicitly use that environment variable without anything being set in the YAML.
It's valid in .travis.yml, if AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY are set in the UI, to just skip these provider parameters: