Security concern regarding cloudwatch integration

As we understand that the cloud watch integration relies solely on the integration key to establish a subscription to AWS SNS, is there any other security measure in place in Pager Duty to prevent malicious parties from subscribing in the event they got hold of the integration key?

Or anyone with the integration key will be able to form the endpoint URL and send any message they want to pagerduty?

Hello,

Thanks for reaching out on our Community page. Yes, AWS integration is by key only, but so long as the keys are not exposed there is no risk to your Services. Additionally adding SSO might be a way to explore a way to further protect your Pagerduty account.

John