diff --git a/internal/daemon/controller/handlers/aliases/alias_service.go b/internal/daemon/controller/handlers/aliases/alias_service.go
index 154022975b..04eb0a8ae6 100644
--- a/internal/daemon/controller/handlers/aliases/alias_service.go
+++ b/internal/daemon/controller/handlers/aliases/alias_service.go
@@ -588,6 +588,10 @@ func validateCreateRequest(req *pbs.CreateAliasRequest) error {
 if !strings.EqualFold(req.GetItem().GetType(), aliasTypeTarget) {
 badFields[globals.TypeField] = "This field is required. Current supported values are 'target'."
 }
+ if req.GetItem().GetDestinationId().GetValue() != "" &&
+ !handlers.ValidId(handlers.Id(req.GetItem().GetDestinationId().GetValue()), globals.TcpTargetPrefix, globals.SshTargetPrefix) {
+ badFields[globals.DestinationIdField] = "Incorrectly formatted identifier."
+ }
 if req.GetItem().GetTargetAliasAttributes().GetAuthorizeSessionArguments().GetHostId() != "" {
 if req.GetItem().GetDestinationId().GetValue() == "" {
 badFields[globals.DestinationIdField] = "This field is required when 'attributes.authorize_session_arguments.host_id' is specified."
@@ -606,6 +610,10 @@ func validateUpdateRequest(req *pbs.UpdateAliasRequest) error {
 if handlers.MaskContains(req.GetUpdateMask().GetPaths(), "value") && req.GetItem().GetValue() == "" {
 badFields["value"] = "This field is required."
 }
+ if req.GetItem().GetDestinationId().GetValue() != "" &&
+ !handlers.ValidId(handlers.Id(req.GetItem().GetDestinationId().GetValue()), globals.TcpTargetPrefix, globals.SshTargetPrefix) {
+ badFields[globals.DestinationIdField] = "Incorrectly formatted identifier."
+ }
 if req.GetItem().GetTargetAliasAttributes().GetAuthorizeSessionArguments().GetHostId() != "" &&
 !handlers.ValidId(handlers.Id(req.GetItem().GetTargetAliasAttributes().GetAuthorizeSessionArguments().GetHostId()), globals.StaticHostPrefix, globals.PluginHostPrefix) {
 badFields["attributes.authorize_session_arguments.host_id"] = "Incorrectly formatted identifier."
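Review bot: The destination-id check added to validateCreateRequest evaluates the `req.GetItem().GetDestinationId().GetValue()` getter chain twice and hard-codes the accepted target prefixes, and the validateUpdateRequest hunk adds the identical lines, so the prefix allow-list now lives in two places that have to be kept in sync. Binding the value once keeps the condition readable: `if id := req.GetItem().GetDestinationId().GetValue(); id != "" && !handlers.ValidId(handlers.Id(id), globals.TcpTargetPrefix, globals.SshTargetPrefix) {`; a small unexported helper called from both validators would remove the duplication. The check only constrains the identifier's format and prefix; whether the target exists and the caller may reference it is presumably enforced elsewhere, outside these hunks. Both function bodies start and continue outside the hunks.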
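Review bot: In validateUpdateRequest the new destination_id check runs whether or not `destination_id` appears in the update mask, unlike the `value` check directly above it, which is gated by `handlers.MaskContains`. This matches the existing host_id check that follows, so it looks deliberate, but nothing in the code says so. I would add a comment above the new condition such as `// Validated regardless of the update mask; an empty destination id is not checked here.`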
diff --git a/internal/daemon/controller/handlers/aliases/alias_service_test.go b/internal/daemon/controller/handlers/aliases/alias_service_test.go
index a31a32f1de..6a37609512 100644
--- a/internal/daemon/controller/handlers/aliases/alias_service_test.go
+++ b/internal/daemon/controller/handlers/aliases/alias_service_test.go
@@ -777,6 +777,16 @@ func TestCreate(t *testing.T) {
 },
 },
 },
+ {
+ name: "Alias to poorly formatted target id",
+ req: &pbs.CreateAliasRequest{Item: &pb.Alias{
+ Type: "target",
+ ScopeId: scope.Global.String(),
+ Value: "target-assigned.valid.alias",
+ DestinationId: wrapperspb.String("this is not a valid target id"),
+ }},
+ errContains: `Incorrectly formatted identifier.`,
+ },
 {
 name: "Alias to existing target with static host id",
 req: &pbs.CreateAliasRequest{Item: &pb.Alias{
@@ -1203,6 +1213,20 @@ func TestUpdate(t *testing.T) {
 },
 },
 },
+ {
+ name: "Update destination id",
+ scopeId: og.GetScopeId(),
+ req: &pbs.UpdateAliasRequest{
+ UpdateMask: &field_mask.FieldMask{
+ Paths: []string{"destination_id"},
+ },
+ Item: &pb.Alias{
+ Name: wrapperspb.String("ignored"),
+ DestinationId: wrapperspb.String("invalid format for targets"),
+ },
+ },
+ err: handlers.ApiErrorWithCode(codes.InvalidArgument),
+ },
 {
 name: "unset value",
 scopeId: og.GetScopeId(),
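Review bot: The new TestCreate case only submits a string that is not an identifier at all, so the prefix allow-list added in validateCreateRequest is never exercised. A second table entry with a well-formed identifier that carries a non-target prefix (for example one built from `globals.StaticHostPrefix`) would pin that only TCP and SSH target ids are accepted as a destination. The `errContains` text is the same message the host_id validation uses in validateUpdateRequest, so on its own it does not show which field was rejected.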
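Review bot: The TestUpdate case name `Update destination id` reads like a success path, yet the case expects `codes.InvalidArgument`; `name: "Update destination id with invalid format",` would say what is being tested. The `Name: wrapperspb.String("ignored")` field is outside the update mask and would benefit from a short comment saying so. The assertion checks only the error code, so the case would also pass if a different field were rejected.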