validate cognito user created by Admin

Hi team, I have a lambda function that

1. add a new user to Cognito user pool
2. add that newly created user to a Cognito Group
3. add user's information to a DynamoDB table

sometimes an error occurs, after step 1 or while adding the user to dynamo DB, so it ends with a situation where the user is added in Cognito but not to the group or not to the DynamoDB table.

is there a way to use a kind of transaction in a lambda function where we don't end up in an inconsistent state (user added in Cognito but no associated information in DDB table, if an error occurs after staep1)?

my second question is how can we validate a user added with AdminCreateUser API

using AdminCreateUser API call, my user is created with Force change password status, and then I want to send them a link( the default link of Cognito doesn't work) to verify their information and then validate the invitation. So how can I validate, in Cognito user pool, a user created with AdminCreateUser with the status Force change password using a custom link sent to the client?

Thank you team!!