AWS::Cognito::UserPool PasswordPolicy - Amazon CloudFormation
SyntaxProperties
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

This is the new Amazon CloudFormation Template Reference Guide. Please update your bookmarks and links. For help getting started with CloudFormation, see the Amazon CloudFormation User Guide.

AWS::Cognito::UserPool PasswordPolicy

The password policy settings for a user pool, including complexity, history, and length requirements.

Syntax

To declare this entity in your Amazon CloudFormation template, use the following syntax:

JSON

{
  "MinimumLength" : Integer,
  "PasswordHistorySize" : Integer,
  "RequireLowercase" : Boolean,
  "RequireNumbers" : Boolean,
  "RequireSymbols" : Boolean,
  "RequireUppercase" : Boolean,
  "TemporaryPasswordValidityDays" : Integer
}

Properties

MinimumLength

The minimum length of the password in the policy that you have set. This value can't be less than 6.

Required: No

Type: Integer

Minimum: 6

Maximum: 99

Update requires: No interruption

PasswordHistorySize

The number of previous passwords that you want Amazon Cognito to restrict each user from reusing. Users can't set a password that matches any of n previous passwords, where n is the value of PasswordHistorySize.

Required: No

Type: Integer

Minimum: 0

Maximum: 24

Update requires: No interruption

RequireLowercase

The requirement in a password policy that users must include at least one lowercase letter in their password.

Required: No

Type: Boolean

Update requires: No interruption

RequireNumbers

The requirement in a password policy that users must include at least one number in their password.

Required: No

Type: Boolean

Update requires: No interruption

RequireSymbols

The requirement in a password policy that users must include at least one symbol in their password.

Required: No

Type: Boolean

Update requires: No interruption

RequireUppercase

The requirement in a password policy that users must include at least one uppercase letter in their password.

Required: No

Type: Boolean

Update requires: No interruption

TemporaryPasswordValidityDays

The number of days a temporary password is valid in the password policy. If the user doesn't sign in during this time, an administrator must reset their password. Defaults to 7. If you submit a value of 0, Amazon Cognito treats it as a null value and sets TemporaryPasswordValidityDays to its default value.

Note

When you set TemporaryPasswordValidityDays for a user pool, you can no longer set a value for the legacy UnusedAccountValidityDays parameter in that user pool.

Required: No

Type: Integer

Minimum: 0

Maximum: 365

Update requires: No interruption