AWS::Cognito::UserPool PasswordPolicy
The password policy settings for a user pool, including complexity, history, and length requirements.
Syntax
To declare this entity in your AWS CloudFormation template, use the following syntax:
JSON
{
  "MinimumLength" : Integer,
  "PasswordHistorySize" : Integer,
  "RequireLowercase" : Boolean,
  "RequireNumbers" : Boolean,
  "RequireSymbols" : Boolean,
  "RequireUppercase" : Boolean,
  "TemporaryPasswordValidityDays" : Integer
}
YAML
MinimumLength: Integer
PasswordHistorySize: Integer
RequireLowercase: Boolean
RequireNumbers: Boolean
RequireSymbols: Boolean
RequireUppercase: Boolean
TemporaryPasswordValidityDays: Integer
Properties
MinimumLength
The minimum length of the password in the policy that you have set. This value can't be less than 6.
Required: No
Type: Integer
Minimum: 6
Maximum: 99
Update requires: No interruption
PasswordHistorySize
The number of previous passwords that you want Amazon Cognito to restrict each user from reusing. Users can't set a password that matches any of n previous passwords, where n is the value of PasswordHistorySize.
Required: No
Type: Integer
Minimum: 0
Maximum: 24
Update requires: No interruption
RequireLowercase
The requirement in a password policy that users must include at least one lowercase letter in their password.
Required: No
Type: Boolean
Update requires: No interruption
RequireNumbers
The requirement in a password policy that users must include at least one number in their password.
Required: No
Type: Boolean
Update requires: No interruption
RequireSymbols
The requirement in a password policy that users must include at least one symbol in their password.
Required: No
Type: Boolean
Update requires: No interruption
RequireUppercase
The requirement in a password policy that users must include at least one uppercase letter in their password.
Required: No
Type: Boolean
Update requires: No interruption
TemporaryPasswordValidityDays
The number of days a temporary password is valid in the password policy. If the user doesn't sign in during this time, an administrator must reset their password. Defaults to 7. If you submit a value of 0, Amazon Cognito treats it as a null value and sets TemporaryPasswordValidityDays to its default value.
Note
When you set TemporaryPasswordValidityDays for a user pool, you can no longer set a value for the legacy UnusedAccountValidityDays parameter in that user pool.
Required: No
Type: Integer
Minimum: 0
Maximum: 365
Update requires: No interruption
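
The following is an added example, not part of the AWS reference: a pre-deployment check of a parsed PasswordPolicy block against the types and ranges documented above, including the rule that a TemporaryPasswordValidityDays of 0 falls back to the default of 7. The function name, constant names and finding strings are assumptions made for illustration.

```python
# Added example: lint a PasswordPolicy mapping against the documented bounds.
# check_password_policy and the constants below are illustrative names, not AWS APIs.

INT_RANGES = {                      # property -> (minimum, maximum) from the reference
    "MinimumLength": (6, 99),
    "PasswordHistorySize": (0, 24),
    "TemporaryPasswordValidityDays": (0, 365),
}
BOOL_PROPS = ("RequireLowercase", "RequireNumbers", "RequireSymbols", "RequireUppercase")
TEMP_DEFAULT_DAYS = 7               # documented default; a submitted 0 is treated as null


def check_password_policy(policy):
    """Return (findings, effective_temp_days) for a parsed PasswordPolicy mapping."""
    findings = []
    for name, value in policy.items():
        if name in INT_RANGES:
            low, high = INT_RANGES[name]
            # bool is a subclass of int in Python, so reject it explicitly
            if isinstance(value, bool) or not isinstance(value, int):
                findings.append(f"{name}: expected Integer, got {type(value).__name__}")
            elif not low <= value <= high:
                findings.append(f"{name}: {value} is outside {low}..{high}")
        elif name in BOOL_PROPS:
            if not isinstance(value, bool):
                findings.append(f"{name}: expected Boolean, got {type(value).__name__}")
        else:
            findings.append(f"{name}: not a PasswordPolicy property")

    days = policy.get("TemporaryPasswordValidityDays")
    if isinstance(days, bool) or not isinstance(days, int) or days == 0:
        effective = TEMP_DEFAULT_DAYS    # omitted, wrongly typed, or 0 -> default of 7
    else:
        effective = days
    if days == 0 and not isinstance(days, bool):
        findings.append("TemporaryPasswordValidityDays: 0 is treated as null, default 7 applies")
    return findings, effective


if __name__ == "__main__":
    # Constructed sample, shaped as json.loads would return it for a template fragment.
    sample = {"MinimumLength": 4, "PasswordHistorySize": 30, "RequireSymbols": "true",
              "TemporaryPasswordValidityDays": 0, "UnusedAccountValidityDays": 14}
    findings, days = check_password_policy(sample)
    for finding in findings:
        print(finding)
    print("effective temporary password validity:", days, "days")
```

The effective-days value is only meaningful when no range or type finding was reported for TemporaryPasswordValidityDays.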