AWS::Cognito::UserPool PasswordPolicy

The password policy settings for a user pool, including complexity, history, and length requirements.

This data type is a request and response parameter of CreateUserPool and UpdateUserPool, and a response parameter of DescribeUserPool.

Syntax

To declare this entity in your AWS CloudFormation template, use the following syntax:

JSON


{
  "MinimumLength" : Integer,
  "PasswordHistorySize" : Integer,
  "RequireLowercase" : Boolean,
  "RequireNumbers" : Boolean,
  "RequireSymbols" : Boolean,
  "RequireUppercase" : Boolean,
  "TemporaryPasswordValidityDays" : Integer
}

YAML


  MinimumLength: Integer
  PasswordHistorySize: Integer
  RequireLowercase: Boolean
  RequireNumbers: Boolean
  RequireSymbols: Boolean
  RequireUppercase: Boolean
  TemporaryPasswordValidityDays: Integer

Properties

MinimumLength

The minimum length of the password in the policy that you have set. This value can't be less than 6.

Required: No

Type: Integer

Minimum: 6

Maximum: 99

Update requires: No interruption

PasswordHistorySize

The number of previous passwords that you want Amazon Cognito to restrict each user from reusing. Users can't set a password that matches any of n previous passwords, where n is the value of PasswordHistorySize.

Password history isn't enforced and isn't displayed in DescribeUserPool responses when you set this value to 0 or don't provide it. To activate this setting, advanced security features must be active in your user pool.

Required: No

Type: Integer

Minimum: 0

Maximum: 24

Update requires: No interruption

RequireLowercase

The requirement in a password policy that users must include at least one lowercase letter in their password.

Required: No

Type: Boolean

Update requires: No interruption

RequireNumbers

The requirement in a password policy that users must include at least one number in their password.

Required: No

Type: Boolean

Update requires: No interruption

RequireSymbols

The requirement in a password policy that users must include at least one symbol in their password.

Required: No

Type: Boolean

Update requires: No interruption

RequireUppercase

The requirement in a password policy that users must include at least one uppercase letter in their password.

Required: No

Type: Boolean

Update requires: No interruption

TemporaryPasswordValidityDays

The number of days a temporary password is valid in the password policy. If the user doesn't sign in during this time, an administrator must reset their password. Defaults to 7. If you submit a value of 0, Amazon Cognito treats it as a null value and sets TemporaryPasswordValidityDays to its default value.

Note

When you set TemporaryPasswordValidityDays for a user pool, you can no longer set a value for the legacy UnusedAccountValidityDays parameter in that user pool.

Required: No

Type: Integer

Minimum: 0

Maximum: 365

Update requires: No interruption

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

NumberAttributeConstraints

Policies