I'm missing or misunderstanding something...
I created a Kinesis data stream and configured it to use a CMK with an alias name: kdskeyalias. The CMK was assigned KeyID 31c1...e95e1.
I then generated a new key 2437...83b75 and updated the alias to point to it.
When I list aliases it looks correct. The alias name is pointing to the new keyid. However when I view the stream configuration the encryption setting still points to the original keyid: 31c1...e95e1.
Is there a way I can configure the stream to use the alias so I can manually rotate the key?
If you used the console, the key ARN will be used when you select it from the drop-down list, not the key's alias ARN.
You can verify that by using the describe-stream AWS CLI call.
If you do this, you should see the following key ARN (example):
arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012
For key alias ARN it would be (example):
arn:aws:kms:us-east-1:123456789012:alias/MyAliasName
To specify the alias ARN, you can use the start-stream-encryption AWS CLI command.
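
One way to script the check and the switch described in this answer, as an added example that is not part of the original post. The alias name kdskeyalias comes from the question; the stream name in the usage comment and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: detect whether a Kinesis stream is pinned to a specific
# KMS key or references an alias, and switch it to the alias if needed.

# Classify the value found in StreamDescription.KeyId.
kms_ref_kind() {
  case "$1" in
    arn:aws*:kms:*:alias/*|alias/*) echo alias ;;  # alias ARN or alias name
    ""|None)                        echo none ;;   # no KMS key configured
    *)                              echo key ;;    # key ARN or bare key id
  esac
}

# Print the KMS reference the stream is actually configured with.
stream_kms_ref() {
  aws kinesis describe-stream --stream-name "$1" \
    --query 'StreamDescription.KeyId' --output text
}

# If the stream does not already reference an alias, re-run
# start-stream-encryption with the alias name instead of a key ARN.
pin_stream_to_alias() {
  _stream="$1"
  _alias="$2"
  _current="$(stream_kms_ref "$_stream")" || return 1
  if [ "$(kms_ref_kind "$_current")" = alias ]; then
    echo "unchanged: $_current"
    return 0
  fi
  aws kinesis start-stream-encryption --stream-name "$_stream" \
    --encryption-type KMS --key-id "alias/$_alias" || return 1
  echo "updated: alias/$_alias"
}

# Usage (hypothetical stream name):
#   pin_stream_to_alias my-stream kdskeyalias
```

Running describe-stream again afterwards should show the alias ARN form rather than the key ARN form.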