AWS::Cognito::UserPool PasswordPolicy - AWS CloudFormation

AWS::Cognito::UserPool PasswordPolicy

The password policy settings for a user pool, including complexity, history, and length requirements.

This data type is a request and response parameter of CreateUserPool and UpdateUserPool, and a response parameter of DescribeUserPool.

Syntax

To declare this entity in your AWS CloudFormation template, use the following syntax:

JSON

{
  "MinimumLength" : Integer,
  "PasswordHistorySize" : Integer,
  "RequireLowercase" : Boolean,
  "RequireNumbers" : Boolean,
  "RequireSymbols" : Boolean,
  "RequireUppercase" : Boolean,
  "TemporaryPasswordValidityDays" : Integer
}

Properties

MinimumLength

The minimum length of the password in the policy that you have set. This value can't be less than 6.

Required: No

Type: Integer

Minimum: 6

Maximum: 99

Update requires: No interruption

PasswordHistorySize

The number of previous passwords that you want Amazon Cognito to restrict each user from reusing. Users can't set a password that matches any of n previous passwords, where n is the value of PasswordHistorySize.

Password history isn't enforced and isn't displayed in DescribeUserPool responses when you set this value to 0 or don't provide it. To activate this setting, advanced security features must be active in your user pool.

Required: No

Type: Integer

Minimum: 0

Maximum: 24

Update requires: No interruption

RequireLowercase

The requirement in a password policy that users must include at least one lowercase letter in their password.

Required: No

Type: Boolean

Update requires: No interruption

RequireNumbers

The requirement in a password policy that users must include at least one number in their password.

Required: No

Type: Boolean

Update requires: No interruption

RequireSymbols

The requirement in a password policy that users must include at least one symbol in their password.

Required: No

Type: Boolean

Update requires: No interruption

RequireUppercase

The requirement in a password policy that users must include at least one uppercase letter in their password.

Required: No

Type: Boolean

Update requires: No interruption

TemporaryPasswordValidityDays

The number of days a temporary password is valid in the password policy. If the user doesn't sign in during this time, an administrator must reset their password. Defaults to 7. If you submit a value of 0, Amazon Cognito treats it as a null value and sets TemporaryPasswordValidityDays to its default value.

Note

When you set TemporaryPasswordValidityDays for a user pool, you can no longer set a value for the legacy UnusedAccountValidityDays parameter in that user pool.

Required: No

Type: Integer

Minimum: 0

Maximum: 365

Update requires: No interruption
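The following linter is an added example, not part of the AWS documentation or any AWS tool. It checks the PasswordPolicy of each AWS::Cognito::UserPool resource in a JSON template against the ranges and special cases described above. The function names and the sample template are constructed for illustration, and the example assumes the policy sits under the user pool's Policies property and the legacy parameter under AdminCreateUserConfig.

```python
import json

# Ranges and the default below are the ones documented on this page.
RANGES = {"MinimumLength": (6, 99), "PasswordHistorySize": (0, 24),
          "TemporaryPasswordValidityDays": (0, 365)}
FLAGS = ("RequireLowercase", "RequireNumbers", "RequireSymbols", "RequireUppercase")
DEFAULT_TEMP_DAYS = 7

def effective_policy(policy):
    """Return the settings as this page says Cognito interprets them."""
    eff = dict(policy)
    # 0 or absent: password history is not enforced.
    eff["PasswordHistorySize"] = policy.get("PasswordHistorySize") or None
    # 0 is treated as null and replaced by the default.
    eff["TemporaryPasswordValidityDays"] = (
        policy.get("TemporaryPasswordValidityDays") or DEFAULT_TEMP_DAYS)
    return eff

def lint_user_pool(name, props):
    policy = props.get("Policies", {}).get("PasswordPolicy", {})
    out = []
    for key, (lo, hi) in RANGES.items():
        val = policy.get(key)
        # Only literal integers are checked; intrinsics such as {"Ref": ...} are skipped.
        if isinstance(val, int) and not lo <= val <= hi:
            out.append(f"{name}: {key}={val} is outside {lo}..{hi}")
    out += [f"{name}: {f} is not set to true" for f in FLAGS if policy.get(f) is not True]
    if effective_policy(policy)["PasswordHistorySize"] is None:
        out.append(f"{name}: password history is not enforced")
    if policy.get("TemporaryPasswordValidityDays") == 0:
        out.append(f"{name}: TemporaryPasswordValidityDays=0 becomes {DEFAULT_TEMP_DAYS}")
    legacy = props.get("AdminCreateUserConfig", {}).get("UnusedAccountValidityDays")
    if "TemporaryPasswordValidityDays" in policy and legacy is not None:
        out.append(f"{name}: legacy UnusedAccountValidityDays is set together with "
                   "TemporaryPasswordValidityDays")
    return out

def lint_template(template):
    findings = []
    for name, res in template.get("Resources", {}).items():
        if res.get("Type") == "AWS::Cognito::UserPool":
            findings += lint_user_pool(name, res.get("Properties", {}))
    return findings

# Constructed sample template, not taken from a real deployment.
SAMPLE = json.loads("""{"Resources": {"Pool": {"Type": "AWS::Cognito::UserPool",
  "Properties": {"AdminCreateUserConfig": {"UnusedAccountValidityDays": 30},
    "Policies": {"PasswordPolicy": {"MinimumLength": 4, "PasswordHistorySize": 0,
      "RequireLowercase": true, "RequireNumbers": true, "RequireUppercase": true,
      "TemporaryPasswordValidityDays": 0}}}}}}""")
```

Calling lint_template(SAMPLE) returns five findings for the sample: the out-of-range length, the missing RequireSymbols flag, unenforced history, the 0-day value that falls back to 7, and the legacy parameter conflict.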