diff --git a/ingest_api/infrastructure/construct.py b/ingest_api/infrastructure/construct.py
index 0c283484..69b3265c 100644
--- a/ingest_api/infrastructure/construct.py
+++ b/ingest_api/infrastructure/construct.py
@@ -39,6 +39,7 @@ def __init__(
         self.user_pool = cognito.UserPool.from_user_pool_id(
             self, "cognito-user-pool", config.userpool_id
         )
+        self.jwks_url = self.build_jwks_url(config.userpool_id)
         db_security_group = ec2.SecurityGroup.from_security_group_id(
             self,
             "db-security-group",
@@ -47,6 +48,7 @@ def __init__(
 
         lambda_env = {
             "DYNAMODB_TABLE": self.table.table_name,
+            "JWKS_URL": self.jwks_url,
             "NO_PYDANTIC_SSM_SETTINGS": "1",
             "STAC_URL": config.stac_api_url,
             "USERPOOL_ID": config.userpool_id,
@@ -223,6 +225,13 @@ def build_api(
             default_domain_mapping=domain_mapping,
         )
 
+    def build_jwks_url(self, userpool_id: str) -> str:
+        region = userpool_id.split("_")[0]
+        return (
+            f"https://cognito-idp.{region}.amazonaws.com"
+            f"/{userpool_id}/.well-known/jwks.json"
+        )
+
     # item ingest table, comsumed by ingestor
     def build_table(self) -> dynamodb.ITable:
         table = dynamodb.Table(
diff --git a/ingest_api/runtime/src/config.py b/ingest_api/runtime/src/config.py
index c6629378..37b9d6bf 100644
--- a/ingest_api/runtime/src/config.py
+++ b/ingest_api/runtime/src/config.py
@@ -38,12 +38,6 @@ class Settings(BaseSettings):
     root_path: Optional[str] = None
     stage: Optional[str] = Field(description="API stage")
 
-    @property
-    def jwks_url(self) -> AnyHttpUrl:
-        """JWKS url"""
-        region = self.userpool_id.split("_")[0]
-        return f"https://cognito-idp.{region}.amazonaws.com/{self.userpool_id}/.well-known/jwks.json"
-
     @property
     def cognito_authorization_url(self) -> AnyHttpUrl:
         """Cognito user pool authorization url"""