PasswordPolicy

class aws_cdk.aws_cognito.PasswordPolicy(*, min_length=None, password_history_size=None, require_digits=None, require_lowercase=None, require_symbols=None, require_uppercase=None, temp_password_validity=None)

Bases: object

Password policy for User Pools.

Parameters:

  • min_length (Union[int, float, None]) – Minimum length required for a user’s password. Default: 8

  • password_history_size (Union[int, float, None]) – The number of previous passwords that you want Amazon Cognito to restrict each user from reusing. passwordHistorySize can not be set when featurePlan is FeaturePlan.LITE. Default: undefined - Cognito default setting is no restriction

  • require_digits (Optional[bool]) – Whether the user is required to have digits in their password. Default: true

  • require_lowercase (Optional[bool]) – Whether the user is required to have lowercase characters in their password. Default: true

  • require_symbols (Optional[bool]) – Whether the user is required to have symbols in their password. Default: true

  • require_uppercase (Optional[bool]) – Whether the user is required to have uppercase characters in their password. Default: true

  • temp_password_validity (Optional[Duration]) – The length of time the temporary password generated by an admin is valid. This must be provided as whole days, like Duration.days(3) or Duration.hours(48). Fractional days, such as Duration.hours(20), will generate an error. Default: Duration.days(7)

ExampleMetadata:

infused

Example:

cognito.UserPool(self, "myuserpool",
    # ...
    password_policy=cognito.PasswordPolicy(
        min_length=12,
        require_lowercase=True,
        require_uppercase=True,
        require_digits=True,
        require_symbols=True,
        temp_password_validity=Duration.days(3)
    )
)

Attributes

min_length

Minimum length required for a user’s password.

Default:

8

password_history_size

The number of previous passwords that you want Amazon Cognito to restrict each user from reusing.

passwordHistorySize can not be set when featurePlan is FeaturePlan.LITE.

Default:

undefined - Cognito default setting is no restriction

require_digits

Whether the user is required to have digits in their password.

Default:

true

require_lowercase

Whether the user is required to have lowercase characters in their password.

Default:

true

require_symbols

Whether the user is required to have symbols in their password.

Default:

true

require_uppercase

Whether the user is required to have uppercase characters in their password.

Default:

true

temp_password_validity

The length of time the temporary password generated by an admin is valid.

This must be provided as whole days, like Duration.days(3) or Duration.hours(48). Fractional days, such as Duration.hours(20), will generate an error.

Default:

Duration.days(7)