Modify Amplify-generated Cognito resources with CDK
Amplify Auth provides sensible defaults for the underlying Amazon Cognito resource definitions. You can customize your authentication resource to enable it to behave exactly as needed for your use cases by modifying it directly using AWS Cloud Development Kit (CDK)
Override Cognito UserPool password policies
You can override the password policy by using the L1 cfnUserPool
construct and adding a addPropertyOverride
.
amplify/backend.ts
import { defineBackend } from '@aws-amplify/backend';import { auth } from './auth/resource';
const backend = defineBackend({ auth,});// extract L1 CfnUserPool resourcesconst { cfnUserPool } = backend.auth.resources.cfnResources;// modify cfnUserPool policies directlycfnUserPool.policies = { passwordPolicy: { minimumLength: 10, requireLowercase: true, requireNumbers: true, requireSymbols: true, requireUppercase: true, temporaryPasswordValidityDays: 20, },};