aws-cognito: add support for PasswordHistorySize attribute in passwordPolicy #33106

Closed
2 tasks
Loupi opened this issue Jan 23, 2025 · 1 comment · Fixed by #33164
Labels
@aws-cdk/aws-cognito Related to Amazon Cognito feature-request A feature should be added or improved. investigating This issue is being investigated and/or work is in progress to resolve the issue. p2

Comments

Loupi commented Jan 23, 2025

Describe the feature

Hello,

A couple of months ago, Cognito added a new PasswordHistorySize property to the PasswordPolicy object.
See this link

Currently, on CDK 2.176.0, it is not a PasswordPolicy property. It would be great to be able to set it within the UserPool object.

Are there any workarounds to set it?

Use Case

I would like to create a user pool with a password policy that does not allow changing a password if it is the same as one of the last X passwords.

Proposed Solution

Add a new passwordHistorySize property to the PasswordPolicy object, and allow us to set it like that:

```ts
import { Duration } from 'aws-cdk-lib';
import { AccountRecovery, FeaturePlan, UserPool } from 'aws-cdk-lib/aws-cognito';

// `scope` and `customSenderKmsKey` are defined elsewhere in the stack.
const userPool = new UserPool(scope, 'userPool', {
  userPoolName: 'MyUserPool',
  featurePlan: FeaturePlan.ESSENTIALS,
  passwordPolicy: {
    minLength: 8,
    requireLowercase: true,
    requireUppercase: true,
    requireDigits: true,
    requireSymbols: true,
    tempPasswordValidity: Duration.days(3),
    passwordHistorySize: 10, // <---------------- new property here
  },
  signInAliases: {
    email: true,
  },
  signInCaseSensitive: false,
  standardAttributes: {
    email: {
      required: true,
      mutable: true,
    },
  },
  selfSignUpEnabled: false,
  accountRecovery: AccountRecovery.EMAIL_ONLY,
  customSenderKmsKey,
});
```

Other Information

No response

Acknowledgements

  • I may be able to implement this feature request
  • This feature might incur a breaking change

CDK version used

2.176.0

Environment details (OS name and version, etc.)

typescript, osx
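
Whether a pool actually carries this setting can be checked on the synthesized CloudFormation template. The following is an added example, not part of the original issue or the CDK code base: it audits a template for `AWS::Cognito::UserPool` resources whose `Policies.PasswordPolicy.PasswordHistorySize` is missing, not a literal number, or below a threshold. The sample template, the function names and the threshold of 5 are constructed for illustration.

```typescript
// Added example: flag Cognito user pools whose password policy does not restrict reuse.
type Finding = { logicalId: string; reason: string };

// Constructed sample template (not from the issue): four user pools and a bucket.
const sampleTemplate: unknown = {
  Resources: {
    PoolWithHistory: {
      Type: "AWS::Cognito::UserPool",
      Properties: { Policies: { PasswordPolicy: { MinimumLength: 8, PasswordHistorySize: 10 } } },
    },
    PoolWithoutHistory: {
      Type: "AWS::Cognito::UserPool",
      Properties: { Policies: { PasswordPolicy: { MinimumLength: 8 } } },
    },
    PoolShortHistory: {
      Type: "AWS::Cognito::UserPool",
      Properties: { Policies: { PasswordPolicy: { PasswordHistorySize: 2 } } },
    },
    PoolNoPolicy: { Type: "AWS::Cognito::UserPool" },
    Bucket: { Type: "AWS::S3::Bucket" },
  },
};

// Treat anything that is not a plain object as empty so missing keys never throw.
function asRecord(v: unknown): Record<string, unknown> {
  return typeof v === "object" && v !== null ? (v as Record<string, unknown>) : {};
}

// minHistory is this audit's own threshold (an assumption), not a Cognito default.
function auditPasswordHistory(template: unknown, minHistory: number): Finding[] {
  const findings: Finding[] = [];
  const resources = asRecord(asRecord(template)["Resources"]);
  for (const logicalId of Object.keys(resources)) {
    const res = asRecord(resources[logicalId]);
    if (res["Type"] !== "AWS::Cognito::UserPool") continue;
    const policy = asRecord(asRecord(asRecord(res["Properties"])["Policies"])["PasswordPolicy"]);
    const size = policy["PasswordHistorySize"];
    if (size === undefined) {
      findings.push({ logicalId, reason: "PasswordHistorySize not set" });
    } else if (typeof size !== "number") {
      findings.push({ logicalId, reason: "PasswordHistorySize is not a literal number; review manually" });
    } else if (size < minHistory) {
      findings.push({ logicalId, reason: `PasswordHistorySize ${size} is below required ${minHistory}` });
    }
  }
  return findings;
}

const sampleFindings = auditPasswordHistory(sampleTemplate, 5);
```
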

@Loupi Loupi added feature-request A feature should be added or improved. needs-triage This issue or PR still needs to be triaged. labels Jan 23, 2025
@github-actions github-actions bot added the @aws-cdk/aws-cognito Related to Amazon Cognito label Jan 23, 2025
@khushail khushail added investigating This issue is being investigated and/or work is in progress to resolve the issue. p2 and removed needs-triage This issue or PR still needs to be triaged. labels Jan 23, 2025
@khushail khushail self-assigned this Jan 23, 2025
@mergify mergify bot closed this as completed in #33164 Jan 26, 2025
mergify bot pushed a commit that referenced this issue Jan 26, 2025
### Issue # (if applicable)

Closes #33106.

### Reason for this change
To enable password reuse prevention settings in Cognito user pools.



### Description of changes
Add `passwordHistorySize` property.



### Describe any new or updated permissions being added
No permission update.



### Description of how you validated changes
Add unit tests and an integ test.


### Checklist
- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

Comments on closed issues and PRs are hard for our team to see.
If you need help, please open a new issue that references this one.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Jan 26, 2025