There are two methods. One method uses power consumption. People reduce bypassing and measure power consumption, or they use high-speed EMI probes with the FPGA left in place. By trying to program various "cooked" bitstreams, this method can reveal the AES key in a matter of hours. There's practically no defence against this.
Another method uses a flaw in bitstream encryption which doesn't allow you to sniff the key, but the attacker can use the FPGA to decrypt the bitstream, or to configure the FPGA with his own bitstream. This requires JTAG and works really fast. You can protect against this by not routing JTAG. Or you can detect the attack and take some destructive measures, such as disconnecting the battery. Or you can change the structure of the bitstream, hoping that the attackers are not good enough to modify the sniffing software they use.
Either way, they can unsolder your FPGA and get access either to the bitstream or the AES key. Either one of these is enough to replicate your device and sell it. You can resist de-soldering by storing the key in a battery-powered CMOS within the FPGA (as opposed to fuses). This way they will have to unsolder without disconnecting the battery, which makes it more difficult. Or you can make access to the FPGA more difficult, such as with potting.
Overall, I don't think there are any measures that can deter a skilled attacker.