aws-cognito: add support for PasswordHistorySize attribute in passwordPolicy #33106

@Loupi

Describe the feature

Hello,

A couple of months ago, Cognito added a new PasswordHistorySize property to the PasswordPolicy object.
See this link

Currently, on CDK 2.176.0, it is not a PasswordPolicy property. It would be great to be able to set it within the UserPool object.

Are there any workarounds to set it?

Use Case

I would like to create a user pool with a password policy that does not allow changing a password if it is the same as one of the last X passwords.

Proposed Solution

Add a new passwordHistorySize property to the PasswordPolicy object, and allow us to set it like this:

const userPool = new UserPool(scope, 'userPool', {
    userPoolName: "MyUserPool",
    featurePlan: FeaturePlan.ESSENTIALS,
    passwordPolicy: {
      minLength: 8,
      requireLowercase: true,
      requireUppercase: true,
      requireDigits: true,
      requireSymbols: true,
      tempPasswordValidity: Duration.days(3),
      passwordHistorySize: 10, // <---------------- new property here
    },
    signInAliases: {
      email: true
    },
    signInCaseSensitive: false,
    standardAttributes: {
      email: {
        required: true,
        mutable: true
      }
    },
    selfSignUpEnabled: false,
    accountRecovery: AccountRecovery.EMAIL_ONLY,
    customSenderKmsKey,
  })

Other Information

No response

Acknowledgements

  • I may be able to implement this feature request
  • This feature might incur a breaking change

CDK version used

2.176.0

Environment details (OS name and version, etc.)

typescript, osx
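
As an added example (not part of the original issue and not aws-cdk code): a check over a synthesized CloudFormation template that reports Cognito user pools whose password policy lacks a usable history size, assuming the value is carried in `Policies.PasswordPolicy.PasswordHistorySize` on the `AWS::Cognito::UserPool` resource. The function name, the baseline of 5, and the sample template with its logical IDs are assumptions made for illustration.

```typescript
// Added example, not aws-cdk code: audits a synthesized CloudFormation
// template (e.g. the JSON under cdk.out) for Cognito password-history settings.
interface CfnResource { Type: string; Properties?: Record<string, unknown> }
interface CfnTemplate { Resources: Record<string, CfnResource> }
interface Finding { logicalId: string; issue: string }

const MAX_HISTORY = 24; // documented upper bound for PasswordHistorySize

function asRecord(v: unknown): Record<string, unknown> | undefined {
  return typeof v === "object" && v !== null && !Array.isArray(v)
    ? (v as Record<string, unknown>)
    : undefined;
}

// minHistory is a hypothetical organisational baseline, not a Cognito default.
function auditPasswordHistory(template: CfnTemplate, minHistory: number): Finding[] {
  const findings: Finding[] = [];
  for (const [logicalId, res] of Object.entries(template.Resources)) {
    if (res.Type !== "AWS::Cognito::UserPool") continue;
    const policies = asRecord(res.Properties?.["Policies"]);
    const policy = asRecord(policies?.["PasswordPolicy"]);
    const size = policy?.["PasswordHistorySize"];
    if (size === undefined) {
      findings.push({ logicalId, issue: "PasswordHistorySize not set" });
    } else if (typeof size !== "number" || !Number.isInteger(size)) {
      // e.g. a Ref or Fn::If intrinsic: cannot be judged statically
      findings.push({ logicalId, issue: "PasswordHistorySize is not a literal integer" });
    } else if (size < 0 || size > MAX_HISTORY) {
      findings.push({ logicalId, issue: `PasswordHistorySize ${size} outside 0..${MAX_HISTORY}` });
    } else if (size < minHistory) {
      findings.push({ logicalId, issue: `PasswordHistorySize ${size} below baseline ${minHistory}` });
    }
  }
  return findings;
}

// Constructed sample template; logical IDs are made up.
const sampleTemplate: CfnTemplate = {
  Resources: {
    GoodPool: { Type: "AWS::Cognito::UserPool",
      Properties: { Policies: { PasswordPolicy: { MinimumLength: 8, PasswordHistorySize: 10 } } } },
    NoHistoryPool: { Type: "AWS::Cognito::UserPool",
      Properties: { Policies: { PasswordPolicy: { MinimumLength: 8 } } } },
    WeakPool: { Type: "AWS::Cognito::UserPool",
      Properties: { Policies: { PasswordPolicy: { PasswordHistorySize: 2 } } } },
    ParamPool: { Type: "AWS::Cognito::UserPool",
      Properties: { Policies: { PasswordPolicy: { PasswordHistorySize: { Ref: "HistoryParam" } } } } },
    Key: { Type: "AWS::KMS::Key" },
  },
};
const sampleFindings = auditPasswordHistory(sampleTemplate, 5);
```

A pool whose history size is supplied through an intrinsic such as `Ref` is reported separately, since its effective value is only known at deploy time.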
