PasswordPolicy

class aws_cdk.aws_cognito.PasswordPolicy(*, min_length=None, require_digits=None, require_lowercase=None, require_symbols=None, require_uppercase=None, temp_password_validity=None)

Bases: object

Password policy for User Pools.

Parameters

  • min_length (Union[int, float, None]) – Minimum length required for a user’s password. Default: 8

  • require_digits (Optional[bool]) – Whether the user is required to have digits in their password. Default: true

  • require_lowercase (Optional[bool]) – Whether the user is required to have lowercase characters in their password. Default: true

  • require_symbols (Optional[bool]) – Whether the user is required to have symbols in their password. Default: true

  • require_uppercase (Optional[bool]) – Whether the user is required to have uppercase characters in their password. Default: true

  • temp_password_validity (Optional[Duration]) – The length of time the temporary password generated by an admin is valid. This must be provided as whole days, like Duration.days(3) or Duration.hours(48). Fractional days, such as Duration.hours(20), will generate an error. Default: Duration.days(7)

ExampleMetadata

infused

Example:

cognito.UserPool(self, "myuserpool",
    # ...
    password_policy=cognito.PasswordPolicy(
        min_length=12,
        require_lowercase=True,
        require_uppercase=True,
        require_digits=True,
        require_symbols=True,
        temp_password_validity=Duration.days(3)
    )
)

Attributes

min_length

Minimum length required for a user’s password.

Default

8

require_digits

Whether the user is required to have digits in their password.

Default

true

require_lowercase

Whether the user is required to have lowercase characters in their password.

Default

true

require_symbols

Whether the user is required to have symbols in their password.

Default

true

require_uppercase

Whether the user is required to have uppercase characters in their password.

Default

true

temp_password_validity

The length of time the temporary password generated by an admin is valid.

This must be provided as whole days, like Duration.days(3) or Duration.hours(48). Fractional days, such as Duration.hours(20), will generate an error.

Default

Duration.days(7)