Weak and common passwords can be easily compromised by attackers. It is recommended that all users have at least 1 lowercase letter, 1 uppercase letter, 1 special character, and 1 number in their passwords. It is also recommended that users utilize a long password that does not contain repeating or common words or phrases. Passwords should be rotated regularly, and any temporary password should be set with a short lifespan.
In AWS Console -
In Terraform -
References:
https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_passwords_account-policy.html
https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cognito_user_pool#password_policy