Amazon Service Authentication and Security

I read about Amazon authentication, and they use a custom process that signs each request.

  • I still do not understand how the signing of each request holds up against a "man in the middle" attack, since anyone who sees the request and the signature can send the same request again.

  • I would also appreciate it if someone shared some references on security, Amazon web services, or web services in general.

  • How can SSL help in this situation?

Thanks!

1 answer

This is what the documentation has to say. It basically boils down to timestamping; to mitigate replay attacks, they suggest using SSL.

Request Authentication

AWS requests are authenticated by checking the information contained in the request. This check is performed using the information in the following table.

  AWSAccessKeyId   The AWS account is identified by an access key identifier. The access key identifier is used to look up the secret access key.

  Signature        Each web service request requiring authentication must contain a valid request signature or the request is rejected. The request signature is calculated using the secret access key assigned to the AWS developer account, which is a shared secret known only to AWS and the developer.

  Timestamp        Date and time at which the request was created, presented as a string in UTC format. The format of this parameter's value must match the format of the XML Schema dateTime data type.

The second link suggests the following:

The best defense against replay attacks is to ensure all your requests are made over an SSL connection. If you cannot use SSL, then the mechanism available to you for preventing a replay attack is the Expires parameter in the version 2 signature. This requires your client to be synchronized with atomic time (using NTP or a similar synchronization protocol). If you do not use the Expires parameter and rely only on the Timestamp parameter, your requests are subject to the validity period of the request, which depends on the service but can be as long as 15 minutes.

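To make the answer's point concrete, here is an added example (not AWS's code, and a simplified stand-in for the real Signature Version 2 algorithm) of a client signing a request that carries AWSAccessKeyId, Timestamp and Expires, and a server-side check that rejects tampering, an expired signature, and a replay of an already-accepted signature. The credentials, host, query parameters and the 60-second Expires window are constructed for the demo.

```python
import calendar
import hashlib
import hmac
import time
from urllib.parse import quote

# Constructed demo credentials, not real AWS keys.
ACCESS_KEY_ID = "AKIAEXAMPLE"
SECRET_ACCESS_KEY = b"example-secret-access-key"
TIME_FMT = "%Y-%m-%dT%H:%M:%SZ"  # UTC timestamp format the documentation requires


def string_to_sign(method, host, path, params):
    """Canonical string in the style of Signature Version 2 (simplified here)."""
    canon = "&".join(f"{quote(k, safe='-_.~')}={quote(str(v), safe='-_.~')}"
                     for k, v in sorted(params.items()))
    return f"{method}\n{host}\n{path}\n{canon}"


def sign_request(method, host, path, params, secret, now, ttl=60):
    """Client side: add AWSAccessKeyId, Timestamp and Expires, then sign them all."""
    params = dict(params, AWSAccessKeyId=ACCESS_KEY_ID,
                  Timestamp=time.strftime(TIME_FMT, time.gmtime(now)),
                  Expires=time.strftime(TIME_FMT, time.gmtime(now + ttl)))
    mac = hmac.new(secret, string_to_sign(method, host, path, params).encode(), hashlib.sha256)
    return dict(params, Signature=mac.hexdigest())


class Verifier:
    """Server side: recompute the MAC, enforce Expires, refuse a signature seen before."""
    def __init__(self, secret):
        self.secret = secret
        self.seen = set()  # a real service would drop entries once their Expires has passed

    def verify(self, method, host, path, params, now):
        params = dict(params)
        presented = params.pop("Signature", "")
        mac = hmac.new(self.secret, string_to_sign(method, host, path, params).encode(), hashlib.sha256)
        if not hmac.compare_digest(presented.encode(), mac.hexdigest().encode()):
            return "bad signature"      # tampered, or signed with another key
        # A missing Expires is treated as already expired.
        expires = calendar.timegm(time.strptime(params.get("Expires", "1970-01-01T00:00:00Z"), TIME_FMT))
        if now > expires:
            return "expired"            # replayed too late, even though the MAC is valid
        if presented in self.seen:
            return "replay"             # same signed request seen again inside its window
        self.seen.add(presented)
        return "ok"
```

Without the seen-signature cache, a captured request stays valid until Expires; the cache closes that gap inside the window, and Expires bounds how long the cache must remember each signature.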
