π§ AWS Cognito User Pool Password Policy is not strong - prod.logic.yamlπ’
- Contextual name: π§ prod.logic.yamlπ’
- ID:
/ce/ca/aws/cognito/user-pool-strong-password-policy/prod.logic.yaml - Tags:
- π’ Logic test success
- π’ Logic with extracts
- π’ Logic with test data
Usesβ
Test Results π’β
Generated at: 2026-04-25T12:02:20.140864329Z Open
| Result | Id | Condition Index | Condition Text | Runtime Error |
|---|---|---|---|---|
| π’ | test1 | βοΈ 99 | βοΈ isDisappeared(CA10A1__disappearanceTime__c) | βοΈ null |
| π’ | test2 | βοΈ 199 | βοΈ extract('CA10A1__passwordPolicyMinimumLength__c') < number(8.0) | βοΈ null |
| π’ | test3 | βοΈ 299 | βοΈ extract('CA10A1__passwordPolicyIsRequireLowercase__c') != 'true' | βοΈ null |
| π’ | test4 | βοΈ 399 | βοΈ extract('CA10A1__passwordPolicyIsRequireUppercase__c') != 'true' | βοΈ null |
| π’ | test5 | βοΈ 499 | βοΈ extract('CA10A1__passwordPolicyIsRequireNumbers__c') != 'true' | βοΈ null |
| π’ | test6 | βοΈ 599 | βοΈ extract('CA10A1__passwordPolicyIsRequireSymbols__c') != 'true' | βοΈ null |
| π’ | test7 | βοΈ 699 | βοΈ extract('CA10A1__passwordPolicyTemporaryValidityDays__c') > number(7.0) | βοΈ null |
| π’ | test8 | βοΈ 799 | βοΈ extract('CA10A1__passwordPolicyMinimumLength__c') >= number(8.0) && extract('CA10A1__passwordPolicyIsRequireLowercase__c') == 'true' && extract('CA10A1__passwordPolicyIsRequireUppercase__c') == 'true' && extract('CA10A1__passwordPolicyIsRequireNumbers__c') == 'true' && extract('CA10A1__passwordPolicyIsRequireSymbols__c') == 'true' && extract('CA10A1__passwordPolicyTemporaryValidityDays__c') <= number(7.0) | βοΈ null |
Generation Bundleβ
| File | MD5 | |
|---|---|---|
| Open | /ce/ca/aws/cognito/user-pool-strong-password-policy/policy.yaml | D3CDDC289E1987A8EA726954736780C4 |
| Open | /ce/ca/aws/cognito/user-pool-strong-password-policy/prod.logic.yaml | C34B038B642DD55AEA159A0532FB2081 |
| Open | /ce/ca/aws/cognito/user-pool-strong-password-policy/test-data.json | C9B6FA71C4F2989B9931A5A9682F6C4F |
| Open | /types/CA10A1__CaAwsCognitoUserPool__c/object.extracts.yaml | 603EF3950C35BC470402E6CAE7F5DF68 |
Available Commandsβ
repo-manager policies generate FULL /ce/ca/aws/cognito/user-pool-strong-password-policy/prod.logic.yaml
repo-manager policies generate DEBUG /ce/ca/aws/cognito/user-pool-strong-password-policy/prod.logic.yaml
repo-manager policies generate CAPTURE_TEST_DATA /ce/ca/aws/cognito/user-pool-strong-password-policy/prod.logic.yaml
repo-manager policies generate TESTS /ce/ca/aws/cognito/user-pool-strong-password-policy/prod.logic.yaml
# Execute tests
repo-manager policies test /ce/ca/aws/cognito/user-pool-strong-password-policy/prod.logic.yaml
Contentβ
---
inputType: "CA10A1__CaAwsCognitoUserPool__c"
importExtracts:
- file: "/types/CA10A1__CaAwsCognitoUserPool__c/object.extracts.yaml"
testData:
- file: "test-data.json"
conditions:
- status: "INCOMPLIANT"
currentStateMessage: "The Cognito user pool password policy minimum length is less than 8 characters."
remediationMessage: "Set the Cognito user pool password policy minimum length to at least 8 characters."
check:
LESS_THAN:
left:
EXTRACT: "CA10A1__passwordPolicyMinimumLength__c"
right:
NUMBER: 8.0
- status: "INCOMPLIANT"
currentStateMessage: "The Cognito user pool password policy does not require lowercase letters."
remediationMessage: "Require at least one lowercase letter in the Cognito user pool password policy."
check:
NOT_EQUAL:
left:
EXTRACT: "CA10A1__passwordPolicyIsRequireLowercase__c"
right:
TEXT: "true"
- status: "INCOMPLIANT"
currentStateMessage: "The Cognito user pool password policy does not require uppercase letters."
remediationMessage: "Require at least one uppercase letter in the Cognito user pool password policy."
check:
NOT_EQUAL:
left:
EXTRACT: "CA10A1__passwordPolicyIsRequireUppercase__c"
right:
TEXT: "true"
- status: "INCOMPLIANT"
currentStateMessage: "The Cognito user pool password policy does not require numbers."
remediationMessage: "Require at least one number in the Cognito user pool password policy."
check:
NOT_EQUAL:
left:
EXTRACT: "CA10A1__passwordPolicyIsRequireNumbers__c"
right:
TEXT: "true"
- status: "INCOMPLIANT"
currentStateMessage: "The Cognito user pool password policy does not require symbols."
remediationMessage: "Require at least one symbol in the Cognito user pool password policy."
check:
NOT_EQUAL:
left:
EXTRACT: "CA10A1__passwordPolicyIsRequireSymbols__c"
right:
TEXT: "true"
- status: "INCOMPLIANT"
currentStateMessage: "The Cognito user pool temporary password validity period is greater than 7 days."
remediationMessage: "Set the Cognito user pool temporary password validity period to 7 days or fewer."
check:
GREATER_THAN:
left:
EXTRACT: "CA10A1__passwordPolicyTemporaryValidityDays__c"
right:
NUMBER: 7.0
- status: "COMPLIANT"
currentStateMessage: "The Cognito user pool password policy requires a minimum\
\ length of at least 8 characters, requires uppercase and lowercase letters,\
\ numbers, and symbols, and limits temporary passwords to 7 days or fewer."
check:
AND:
args:
- GREATER_THAN_EQUAL:
left:
EXTRACT: "CA10A1__passwordPolicyMinimumLength__c"
right:
NUMBER: 8.0
- IS_EQUAL:
left:
EXTRACT: "CA10A1__passwordPolicyIsRequireLowercase__c"
right:
TEXT: "true"
- IS_EQUAL:
left:
EXTRACT: "CA10A1__passwordPolicyIsRequireUppercase__c"
right:
TEXT: "true"
- IS_EQUAL:
left:
EXTRACT: "CA10A1__passwordPolicyIsRequireNumbers__c"
right:
TEXT: "true"
- IS_EQUAL:
left:
EXTRACT: "CA10A1__passwordPolicyIsRequireSymbols__c"
right:
TEXT: "true"
- LESS_THAN_EQUAL:
left:
EXTRACT: "CA10A1__passwordPolicyTemporaryValidityDays__c"
right:
NUMBER: 7.0
otherwise:
status: "UNDETERMINED"
currentStateMessage: "Unexpected values were found in the Cognito user pool password policy settings."