AWS KMS alias naming requirements - AWS CloudTrail

AWS KMS alias naming requirements

When you create an AWS KMS key, you can choose an alias to identify it. For example, you might choose the alias "KMS-CloudTrail-us-west-2" to encrypt the logs for a specific trail.

The alias must meet the following requirements:

  • Between 1 and 32 characters, inclusive

  • Contain alphanumeric characters (A-Z, a-z, 0-9), hyphens (-), forward slashes (/), and underscores (_)

  • Cannot begin with aws

For more information, see Creating Keys in the AWS Key Management Service Developer Guide.