Why, oh why, would you ever use an HMAC in this way? HMACs are great for validating your own data (e.g. "secure cookies"), but anyone who can validate an HMAC can also generate them. Repeat after me: HMACs are not signatures.
The key difference here is one between a message authentication code [1] and digital signature [2].
A digital signature uses public key cryptography: one person can generate and sign messages, everyone else can verify. A common one is the DSA[3] -- but there are many others, including freakishly fast elliptical curve versions.
I think the difference between AWS and the PS3 is that in the PS3's case, every single PS3 has to be able to validate the authentication code, whereas in AWS's case, only AWS needs to validate the code, so the secret material is only shared between a particular customer and AWS, but not with everyone else. It's not the same use case.
I agree, though, that they have been a little sloppy with the terminology. Some of their APIs refer to "Signature"s, when they should say "Authentication Code"s. I think, though, that this may have led to even more customer confusion than the current situation, as most people aren't aware of the difference between HMACs and signatures.
