I am curious if it is possible to prevent a user from re-using their password (or previous n passwords) in AWS Cognito. It seems like this would be a feature, but I don't see it in the documentation (https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-policies.html).
It is possible with IAM (https://docs.amazonaws.cn/en_us/IAM/latest/UserGuide/id_credentials_passwords_account-policy.html).
First of all AWS Cognito UserPools Password policy and AWS IAM User Password Policy are two things. Although IAM User Password Policy allows configuring password change enforcement, it's not available with AWS Cognito yet.
Currently, you can only configure following attributes for the password.
In addition, you can configure MFA.