From a87a7eb4041fa23489b622b229d4a54dd6779190 Mon Sep 17 00:00:00 2001
From: Jared Baker <jared.baker@hashicorp.com>
Date: Mon, 9 Oct 2023 15:57:18 -0400
Subject: [PATCH] backend/s3: use aws alias name regex pattern

---
 internal/backend/remote-state/s3/validate.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/internal/backend/remote-state/s3/validate.go b/internal/backend/remote-state/s3/validate.go
index 2865acd5b2..01fcbd11bc 100644
--- a/internal/backend/remote-state/s3/validate.go
+++ b/internal/backend/remote-state/s3/validate.go
@@ -21,7 +21,7 @@ import (
 const (
 	multiRegionKeyIdPattern = `mrk-[a-f0-9]{32}`
 	uuidRegexPattern        = `[a-f0-9]{8}-[a-f0-9]{4}-[1-5][a-f0-9]{3}-[ab89][a-f0-9]{3}-[a-f0-9]{12}`
-	aliasRegexPattern       = `alias/(.*)`
+	aliasRegexPattern       = `alias/[a-zA-Z0-9/_-]+`
 )
 
 func validateKMSKey(path cty.Path, s string) (diags tfdiags.Diagnostics) {
@@ -86,7 +86,7 @@ func keyIdFromARNResource(s string) string {
 }
 
 func aliasIdFromARNResource(s string) string {
-	aliasIdResourceRegex := regexp.MustCompile(`^` + aliasRegexPattern + `$`)
+	aliasIdResourceRegex := regexp.MustCompile(`^(` + aliasRegexPattern + `)$`)
 	matches := aliasIdResourceRegex.FindStringSubmatch(s)
 	if matches == nil || len(matches) != 2 {
 		return ""