How can I sync data or trigger a Lambda when Cognito user attributes change?

I had the same problem. I store email, family_name and given_name in cognito as part of sign up process. Then users can change any of these fields at any time.

I couldn't find a way to track these changes as the documentation doesn't state any such lambda trigger for sync events. However, since the idToken contains the user attributes in my case, it has to update itself after user makes a change. So I tested this and found that the Pre-Token trigger is invoked any time there is a change in the user attributes so that it can regenerate a new token. That lambda contains the following payload

{
  version: '1',
  triggerSource: 'TokenGeneration_RefreshTokens',
  region: 'XXX',
  userPoolId: '',
  userName: 'XXX',
  callerContext: {
    awsSdkVersion: 'aws-sdk-unknown-unknown',
    clientId: 'XXX'
  },
  request: {
    userAttributes: {
      sub: 'XXX',
      email_verified: 'false',
      'cognito:user_status': 'CONFIRMED',
      'cognito:email_alias': '[email protected]',
      given_name: 'Name',
      family_name: 'New',
      email: '[email protected]'
    },
    groupConfiguration: {
      groupsToOverride: [],
      iamRolesToOverride: [],
      preferredRole: null
    }
  },
  response: { claimsOverrideDetails: null }
}

So I update the records in dynamodb in this lambda itself. I am not 100% sure though because the documentation doesn't say anything about this use case and pre token trigger. Give it a try and see.