AWS Security ChangesHomeSearch

AWS securityhub documentation change

Service: securityhub · 2026-04-19 · Documentation medium

File: securityhub/latest/userguide/cognito-controls.md

Summary

Updated the allowed range for the 'temporaryPasswordValidity' parameter from 7-365 days to 1-365 days in a security control.

Security assessment

This change expands the configurability of a security control (Cognito password policy) by allowing shorter temporary password validity periods. While this relates to security configuration, there's no evidence it addresses a specific security vulnerability or incident.

Diff

diff --git a/securityhub/latest/userguide/cognito-controls.md b/securityhub/latest/userguide/cognito-controls.md
index d11f15411..ef08c675c 100644
--- a//securityhub/latest/userguide/cognito-controls.md
+++ b//securityhub/latest/userguide/cognito-controls.md
@@ -82 +82 @@ Parameter | Description | Type | Allowed custom values | Security Hub CSPM defau
-`temporaryPasswordValidity` | The maximum number of days that a password can exist before it expires.  | Integer | `7` to `365` | `7`  
+`temporaryPasswordValidity` | The maximum number of days that a password can exist before it expires.  | Integer | `1` to `365` | `7`