Every request to an AWS service is signed using the current timestamp, that is the client time at which your application makes the request. For security reasons and to protect against potential replay attacks, AWS requires that the difference between this timestamp and the AWS server time is less than 5 minute.
A request must reach AWS servers within five minutes of the timestamp in the request, otherwise AWS denies it (some docs state 15 minutes as limit). This time difference between clocks on different nodes of a network is called clock skew. In some situations client time could be significantly out of sync, i.e. on mobile devices, in VMs or in Docker containers. Calls to AWS from such clients could fail, but the triggered exception is not necessarily clear enough to uncover the underlying problem; these are a few examples: