AWS_ACCESS_KEY_ID
and AWS_SECRET_ACCESS_KEY
env vars, same account will be used for both
DIGGER_AWS_ACCESS_KEY_ID
and DIGGER_AWS_SECRET_ACCESS_KEY
vars then those will be used for Digger locks, and the first pair will be used as target account