PasswordPolicyType - Amazon Cognito User Pools

PasswordPolicyType

The password policy settings for a user pool, including complexity, history, and length requirements.

This data type is a request and response parameter of CreateUserPool and UpdateUserPool, and a response parameter of DescribeUserPool.

Contents

MinimumLength

The minimum length of the password in the policy that you have set. This value can't be less than 6.

Type: Integer

Valid Range: Minimum value of 6. Maximum value of 99.

Required: No

PasswordHistorySize

The number of previous passwords that you want Amazon Cognito to restrict each user from reusing. Users can't set a password that matches any of n previous passwords, where n is the value of PasswordHistorySize.

Password history isn't enforced and isn't displayed in DescribeUserPool responses when you set this value to 0 or don't provide it. To activate this setting, your user pool must be in the Essentials tier or higher.

Type: Integer

Valid Range: Minimum value of 0. Maximum value of 24.

Required: No

RequireLowercase

The requirement in a password policy that users must include at least one lowercase letter in their password.

Type: Boolean

Required: No

RequireNumbers

The requirement in a password policy that users must include at least one number in their password.

Type: Boolean

Required: No

RequireSymbols

The requirement in a password policy that users must include at least one symbol in their password.

Type: Boolean

Required: No

RequireUppercase

The requirement in a password policy that users must include at least one uppercase letter in their password.

Type: Boolean

Required: No

TemporaryPasswordValidityDays

The number of days a temporary password is valid in the password policy. If the user doesn't sign in during this time, an administrator must reset their password. Defaults to 7. If you submit a value of 0, Amazon Cognito treats it as a null value and sets TemporaryPasswordValidityDays to its default value.

Note

When you set TemporaryPasswordValidityDays for a user pool, you can no longer set a value for the legacy UnusedAccountValidityDays parameter in that user pool.

Type: Integer

Valid Range: Minimum value of 0. Maximum value of 365.

Required: No

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following: