AWS SDK not including Access Key (AKID) in X-Amz-Credential when creating presigned post, but only on Heroku

I am doing a direct to S3 upload, and I have the presigned post declared like this:

@s3_direct_post = S3_BUCKET.presigned_post(key: "images/#{SecureRandom.uuid}/${filename}", success_action_status: '201', acl: 'public-read', allow_any: ['utf8', 'authenticity_token'])

When in the development environment, it builds everything correctly and I get something like this:

{"key"=>"images/1be59d13-9d65-4d70-b631-93834409f361/${filename}", "success_action_status"=>"201", "acl"=>"public-read", "policy"=>"<BASE_64_POLICY>", "x-amz-credential"=>"<MY_ACCESS_KEY>/20180505/us-east-1/s3/aws4_request", "x-amz-algorithm"=>"AWS4-HMAC-SHA256", "x-amz-date"=>"20180505T232823Z", "x-amz-signature"=>"<AMZ_SIGNATURE>"}

But after I push it to Heroku, I get something like this:

{"key"=>"images/1be59d13-9d65-4d70-b631-93834409f361/${filename}", "success_action_status"=>"201", "acl"=>"public-read", "policy"=>"<BASE_64_POLICY>", "x-amz-credential"=>"/20180505/us-east-1/s3/aws4_request", "x-amz-algorithm"=>"AWS4-HMAC-SHA256", "x-amz-date"=>"20180505T232823Z", "x-amz-signature"=>"<AMZ_SIGNATURE>"}

Now that my Access Key (AKID) is no longer there, I get this error:

<Error><Code>InvalidArgument</Code><Message>a non-empty Access Key (AKID) must be provided in the credential.</Message><ArgumentName>X-Amz-Credential</ArgumentName><ArgumentValue>/20180505/us-east-1/s3/aws4_request</ArgumentValue><RequestId>%REQUESTID%</RequestId><HostId>%HOSTID%</HostId></Error>

My AWS credentials are declared in initalizers/aws.rb, so they are not dependent on the environment type. What could possibly be causing this?

Edit (showing how I declare the S3_BUCKET is a constant I initialize in aws.rb):

Aws.config.update({ region: 'us-east-1', credentials: Aws::Credentials.new(ENV['AWS_ACCESS_KEY_ID'], ENV['AWS_SECRET_ACCESS_KEY']) })

S3_BUCKET = Aws::S3::Resource.new.bucket(ENV['S3_BUCKET'])

Also, the difference between the two presigned-post objects:

"x-amz-credential"=>"<MY_ACCESS_KEY>/20180505/us-east-1/s3/aws4_request"

"x-amz-credential"=>"/20180505/us-east-1/s3/aws4_request"

You should not commit your credentials in your git repository so you should make sure in your initializer:

in config/initializers/credentials.rb

AWS_ACCESS_KEY_ID = ENV['AWS_ACCESS_KEY_ID']
AWS_SECRET_ACCESS_KEY = ENV['AWS_SECRET_ACCESS_KEY']

And use heroku-cli to configure your credentials on your app

heroku config:set AWS_ACCESS_KEY_ID=someLongHashKey AWS_SECRET_ACCESS_KEY=anotherLongHashKey --app my_app_name
# see heroku config --help

But your error may have to do with AWS SDK Presigned Post Ruby

and see https://docs.aws.amazon.com/sdkforruby/api/Aws/S3/PresignedPost.html

If that doesn't help, post how you're defining Aws::S3::PresignedPost.new

Finally, double check to make sure you've set your environment variables correctly in heroku

heroku config --app my_app_name #use your actual app name of course