Amazon Cognito
Developer Guide

Adding User Pool Password Requirements

Specifying a minimum password length of at least 8 characters, as well as requiring uppercase, numeric, and special characters, creates strong passwords for your app users. Complex passwords are harder to guess, and we recommend them as a security best practice.

These characters are allowed in passwords:

  • uppercase and lowercase letters

  • numbers

  • the equals sign "="

  • the plus sign "+"

  • the special characters listed in the next section

Creating a Password Policy

You can specify the following password requirements in the AWS Management Console:

  • Minimum length, which must be at least 6 characters but fewer than 99 characters

  • Require numbers

  • Require a special character from this set:

    ^ $ * . [ ] { } ( ) ? - " ! @ # % & / \ , > < ' : ; | _ ~ `

  • Require uppercase letters

  • Require lowercase letters