aws-cdk-lib 2.153.0__py3-none-any.whl → 2.154.0__py3-none-any.whl

aws_cdk/aws_s3/__init__.py

@@ -296,6 +296,17 @@ bucket = s3.Bucket.from_bucket_attributes(self, "ImportedBucket",
 bucket.add_event_notification(s3.EventType.OBJECT_CREATED, s3n.SnsDestination(topic))
 ```
 
+If you do not want for S3 to validate permissions of Amazon SQS, Amazon SNS, and Lambda destinations you can use the `notificationsSkipDestinationValidation` flag:
+
+```python
+# my_queue: sqs.Queue
+
+bucket = s3.Bucket(self, "MyBucket",
+    notifications_skip_destination_validation=True
+)
+bucket.add_event_notification(s3.EventType.OBJECT_REMOVED, s3n.SqsDestination(my_queue))
+```
+
 When you add an event notification to a bucket, a custom resource is created to
 manage the notifications. By default, a new role is created for the Lambda
 function that implements this feature. If you want to use your own role instead,
@@ -852,7 +863,7 @@ class BlockPublicAccess(
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__7c7460d0788a3581f53118e0e633044dbbacdb3bb39e06a86a9c4e5c3d7e5a9f)
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
-        jsii.set(self, "blockPublicAcls", value)
+        jsii.set(self, "blockPublicAcls", value) # pyright: ignore[reportArgumentType]
 
     @builtins.property
     @jsii.member(jsii_name="blockPublicPolicy")
@@ -864,7 +875,7 @@ class BlockPublicAccess(
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__d4ba75c66cc4ad7c5aa33a917a7eb35002488faf18ffffef6c2c5a7b960dbfc4)
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
-        jsii.set(self, "blockPublicPolicy", value)
+        jsii.set(self, "blockPublicPolicy", value) # pyright: ignore[reportArgumentType]
 
     @builtins.property
     @jsii.member(jsii_name="ignorePublicAcls")
@@ -876,7 +887,7 @@ class BlockPublicAccess(
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__1f8520208f2ebe15624fbe74bc5aaef53e90abcb8518f3f569338cc8ab293916)
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
-        jsii.set(self, "ignorePublicAcls", value)
+        jsii.set(self, "ignorePublicAcls", value) # pyright: ignore[reportArgumentType]
 
     @builtins.property
     @jsii.member(jsii_name="restrictPublicBuckets")
@@ -888,7 +899,7 @@ class BlockPublicAccess(
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__266e1f4868fa40826ae202681f95a8932749e242098b75f166505480f09f05b0)
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
-        jsii.set(self, "restrictPublicBuckets", value)
+        jsii.set(self, "restrictPublicBuckets", value) # pyright: ignore[reportArgumentType]
 
 
 @jsii.data_type(
@@ -1726,6 +1737,7 @@ class BucketPolicyProps:
         "metrics": "metrics",
         "minimum_tls_version": "minimumTLSVersion",
         "notifications_handler_role": "notificationsHandlerRole",
+        "notifications_skip_destination_validation": "notificationsSkipDestinationValidation",
         "object_lock_default_retention": "objectLockDefaultRetention",
         "object_lock_enabled": "objectLockEnabled",
         "object_ownership": "objectOwnership",
@@ -1762,6 +1774,7 @@ class BucketProps:
         metrics: typing.Optional[typing.Sequence[typing.Union[BucketMetrics, typing.Dict[builtins.str, typing.Any]]]] = None,
         minimum_tls_version: typing.Optional[jsii.Number] = None,
         notifications_handler_role: typing.Optional[_IRole_235f5d8e] = None,
+        notifications_skip_destination_validation: typing.Optional[builtins.bool] = None,
         object_lock_default_retention: typing.Optional["ObjectLockRetention"] = None,
         object_lock_enabled: typing.Optional[builtins.bool] = None,
         object_ownership: typing.Optional["ObjectOwnership"] = None,
@@ -1794,9 +1807,10 @@ class BucketProps:
         :param metrics: The metrics configuration of this bucket. Default: - No metrics configuration.
         :param minimum_tls_version: Enforces minimum TLS version for requests. Requires ``enforceSSL`` to be enabled. Default: No minimum TLS version is enforced.
         :param notifications_handler_role: The role to be used by the notifications handler. Default: - a new role will be created.
+        :param notifications_skip_destination_validation: Skips notification validation of Amazon SQS, Amazon SNS, and Lambda destinations. Default: false
         :param object_lock_default_retention: The default retention mode and rules for S3 Object Lock. Default retention can be configured after a bucket is created if the bucket already has object lock enabled. Enabling object lock for existing buckets is not supported. Default: no default retention period
         :param object_lock_enabled: Enable object lock on the bucket. Enabling object lock for existing buckets is not supported. Object lock must be enabled when the bucket is created. Default: false, unless objectLockDefaultRetention is set (then, true)
-        :param object_ownership: The objectOwnership of the bucket. Default: - No ObjectOwnership configuration, uploading account will own the object.
+        :param object_ownership: The objectOwnership of the bucket. Default: - No ObjectOwnership configuration. By default, Amazon S3 sets Object Ownership to ``Bucket owner enforced``. This means ACLs are disabled and the bucket owner will own every object.
         :param public_read_access: Grants public read access to all objects in the bucket. Similar to calling ``bucket.grantPublicAccess()`` Default: false
         :param removal_policy: Policy to apply when the bucket is removed from this stack. Default: - The bucket will be orphaned.
         :param server_access_logs_bucket: Destination bucket for the server access logs. Default: - If "serverAccessLogsPrefix" undefined - access logs disabled, otherwise - log to current bucket.
@@ -1850,6 +1864,7 @@ class BucketProps:
             check_type(argname="argument metrics", value=metrics, expected_type=type_hints["metrics"])
             check_type(argname="argument minimum_tls_version", value=minimum_tls_version, expected_type=type_hints["minimum_tls_version"])
             check_type(argname="argument notifications_handler_role", value=notifications_handler_role, expected_type=type_hints["notifications_handler_role"])
+            check_type(argname="argument notifications_skip_destination_validation", value=notifications_skip_destination_validation, expected_type=type_hints["notifications_skip_destination_validation"])
             check_type(argname="argument object_lock_default_retention", value=object_lock_default_retention, expected_type=type_hints["object_lock_default_retention"])
             check_type(argname="argument object_lock_enabled", value=object_lock_enabled, expected_type=type_hints["object_lock_enabled"])
             check_type(argname="argument object_ownership", value=object_ownership, expected_type=type_hints["object_ownership"])
@@ -1897,6 +1912,8 @@ class BucketProps:
             self._values["minimum_tls_version"] = minimum_tls_version
         if notifications_handler_role is not None:
             self._values["notifications_handler_role"] = notifications_handler_role
+        if notifications_skip_destination_validation is not None:
+            self._values["notifications_skip_destination_validation"] = notifications_skip_destination_validation
         if object_lock_default_retention is not None:
             self._values["object_lock_default_retention"] = object_lock_default_retention
         if object_lock_enabled is not None:
@@ -2122,6 +2139,17 @@ class BucketProps:
         result = self._values.get("notifications_handler_role")
         return typing.cast(typing.Optional[_IRole_235f5d8e], result)
 
+    @builtins.property
+    def notifications_skip_destination_validation(
+        self,
+    ) -> typing.Optional[builtins.bool]:
+        '''Skips notification validation of Amazon SQS, Amazon SNS, and Lambda destinations.
+
+        :default: false
+        '''
+        result = self._values.get("notifications_skip_destination_validation")
+        return typing.cast(typing.Optional[builtins.bool], result)
+
     @builtins.property
     def object_lock_default_retention(self) -> typing.Optional["ObjectLockRetention"]:
         '''The default retention mode and rules for S3 Object Lock.
@@ -2154,7 +2182,10 @@ class BucketProps:
     def object_ownership(self) -> typing.Optional["ObjectOwnership"]:
         '''The objectOwnership of the bucket.
 
-        :default: - No ObjectOwnership configuration, uploading account will own the object.
+        :default:
+
+        - No ObjectOwnership configuration. By default, Amazon S3 sets Object Ownership to ``Bucket owner enforced``.
+        This means ACLs are disabled and the bucket owner will own every object.
 
         :see: https://docs.aws.amazon.com/AmazonS3/latest/dev/about-object-ownership.html
         '''
@@ -2449,7 +2480,7 @@ class CfnAccessGrant(
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__7750d212c13d41d88644a83707c5c60f4dd086f751d2f0979fa8364391f3cc05)
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
-        jsii.set(self, "accessGrantsLocationId", value)
+        jsii.set(self, "accessGrantsLocationId", value) # pyright: ignore[reportArgumentType]
 
     @builtins.property
     @jsii.member(jsii_name="grantee")
@@ -2467,7 +2498,7 @@ class CfnAccessGrant(
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__431ce233bff506f83ee44602a4737c7e178a9d1ac6aa3d74f059a83dbc331bf8)
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
-        jsii.set(self, "grantee", value)
+        jsii.set(self, "grantee", value) # pyright: ignore[reportArgumentType]
 
     @builtins.property
     @jsii.member(jsii_name="permission")
@@ -2480,7 +2511,7 @@ class CfnAccessGrant(
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__c743ab8e808b39c70065cfa43a083c3c97cd4d346016128603893332604f159b)
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
-        jsii.set(self, "permission", value)
+        jsii.set(self, "permission", value) # pyright: ignore[reportArgumentType]
 
     @builtins.property
     @jsii.member(jsii_name="accessGrantsLocationConfiguration")
@@ -2498,7 +2529,7 @@ class CfnAccessGrant(
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__8e58d71c4ba726798891ac585e0984b18ab1040549545b96163bd2699812b609)
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
-        jsii.set(self, "accessGrantsLocationConfiguration", value)
+        jsii.set(self, "accessGrantsLocationConfiguration", value) # pyright: ignore[reportArgumentType]
 
     @builtins.property
     @jsii.member(jsii_name="applicationArn")
@@ -2511,7 +2542,7 @@ class CfnAccessGrant(
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__c0d70891eae94ebbab8cc362f7a9a438c6715995972b22d5b4b14057acb7cfe5)
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
-        jsii.set(self, "applicationArn", value)
+        jsii.set(self, "applicationArn", value) # pyright: ignore[reportArgumentType]
 
     @builtins.property
     @jsii.member(jsii_name="s3PrefixType")
@@ -2524,7 +2555,7 @@ class CfnAccessGrant(
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__b506a8fd769f3485e18f8209a0a136623369f2bbcb7eb045111e2f4058218750)
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
-        jsii.set(self, "s3PrefixType", value)
+        jsii.set(self, "s3PrefixType", value) # pyright: ignore[reportArgumentType]
 
     @builtins.property
     @jsii.member(jsii_name="tags")
@@ -2537,7 +2568,7 @@ class CfnAccessGrant(
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__659b5473c09a3cd1d139db66aeb8bc0de478770051664670ba222033647b5b55)
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
-        jsii.set(self, "tags", value)
+        jsii.set(self, "tags", value) # pyright: ignore[reportArgumentType]
 
     @jsii.data_type(
         jsii_type="aws-cdk-lib.aws_s3.CfnAccessGrant.AccessGrantsLocationConfigurationProperty",
@@ -2992,7 +3023,7 @@ class CfnAccessGrantsInstance(
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__d1edfd3c71ca2c204d8c2d42fea322038a8895b842d27bac8381609ced7dbeb4)
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
-        jsii.set(self, "identityCenterArn", value)
+        jsii.set(self, "identityCenterArn", value) # pyright: ignore[reportArgumentType]
 
     @builtins.property
     @jsii.member(jsii_name="tags")
@@ -3005,7 +3036,7 @@ class CfnAccessGrantsInstance(
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__c9b78b2087e9cc15388ddb58da353ffe059b1e3b8044b2db62a599ecd5b176b4)
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
-        jsii.set(self, "tags", value)
+        jsii.set(self, "tags", value) # pyright: ignore[reportArgumentType]
 
 
 @jsii.data_type(
@@ -3223,7 +3254,7 @@ class CfnAccessGrantsLocation(
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__c6ad3ea630d95d457364fa227ccc4159df9b2fe48cab3fd14afc7301612ddce6)
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
-        jsii.set(self, "iamRoleArn", value)
+        jsii.set(self, "iamRoleArn", value) # pyright: ignore[reportArgumentType]
 
     @builtins.property
     @jsii.member(jsii_name="locationScope")
@@ -3236,7 +3267,7 @@ class CfnAccessGrantsLocation(
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__80f4ecc1c277ca36e62d80157ee09c7e5856bf9bc1e1542588d3449f958c3302)
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
-        jsii.set(self, "locationScope", value)
+        jsii.set(self, "locationScope", value) # pyright: ignore[reportArgumentType]
 
     @builtins.property
     @jsii.member(jsii_name="tags")
@@ -3249,7 +3280,7 @@ class CfnAccessGrantsLocation(
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__34ec64e9e3a170eac86359c24d865c728a0273caa8c470380483ea14cc644f5c)
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
-        jsii.set(self, "tags", value)
+        jsii.set(self, "tags", value) # pyright: ignore[reportArgumentType]
 
 
 @jsii.data_type(
@@ -3513,7 +3544,7 @@ class CfnAccessPoint(
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__f05d02ed64de76ec07ffab71aa952c3861b4de33221b338dcc4ff6eda2ea54fd)
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
-        jsii.set(self, "bucket", value)
+        jsii.set(self, "bucket", value) # pyright: ignore[reportArgumentType]
 
     @builtins.property
     @jsii.member(jsii_name="bucketAccountId")
@@ -3526,7 +3557,7 @@ class CfnAccessPoint(
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__a20900e59a68c51259a69f8b59e898cf7f2b7da3295de514614bf9738b61566c)
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
-        jsii.set(self, "bucketAccountId", value)
+        jsii.set(self, "bucketAccountId", value) # pyright: ignore[reportArgumentType]
 
     @builtins.property
     @jsii.member(jsii_name="name")
@@ -3539,7 +3570,7 @@ class CfnAccessPoint(
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__3a857c1b168134cdd7d76a3c9a3359cc7cf23990068b2761f01adf573b2cb2d6)
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
-        jsii.set(self, "name", value)
+        jsii.set(self, "name", value) # pyright: ignore[reportArgumentType]
 
     @builtins.property
     @jsii.member(jsii_name="policy")
@@ -3552,7 +3583,7 @@ class CfnAccessPoint(
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__e424ad18d868eff85114332893fcf1ce3e590b1265b2bf01673d07c7eae67193)
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
-        jsii.set(self, "policy", value)
+        jsii.set(self, "policy", value) # pyright: ignore[reportArgumentType]
 
     @builtins.property
     @jsii.member(jsii_name="publicAccessBlockConfiguration")
@@ -3570,7 +3601,7 @@ class CfnAccessPoint(
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__f1674ffbc32679c9e6b98201180481c7cd25fa6b6b1611ce89faf76ad24f3aba)
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
-        jsii.set(self, "publicAccessBlockConfiguration", value)
+        jsii.set(self, "publicAccessBlockConfiguration", value) # pyright: ignore[reportArgumentType]
 
     @builtins.property
     @jsii.member(jsii_name="vpcConfiguration")
@@ -3588,7 +3619,7 @@ class CfnAccessPoint(
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__a49ee3ddcfdce1bcd8c198e3823a2490c2f4ac82647902a91b701dbc61ab86b8)
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
-        jsii.set(self, "vpcConfiguration", value)
+        jsii.set(self, "vpcConfiguration", value) # pyright: ignore[reportArgumentType]
 
     @jsii.data_type(
         jsii_type="aws-cdk-lib.aws_s3.CfnAccessPoint.PublicAccessBlockConfigurationProperty",
@@ -3616,7 +3647,7 @@ class CfnAccessPoint(
             :param block_public_acls: Specifies whether Amazon S3 should block public access control lists (ACLs) for this bucket and objects in this bucket. Setting this element to ``TRUE`` causes the following behavior: - PUT Bucket ACL and PUT Object ACL calls fail if the specified ACL is public. - PUT Object calls fail if the request includes a public ACL. - PUT Bucket calls fail if the request includes a public ACL. Enabling this setting doesn't affect existing policies or ACLs.
             :param block_public_policy: Specifies whether Amazon S3 should block public bucket policies for this bucket. Setting this element to ``TRUE`` causes Amazon S3 to reject calls to PUT Bucket policy if the specified bucket policy allows public access. Enabling this setting doesn't affect existing bucket policies.
             :param ignore_public_acls: Specifies whether Amazon S3 should ignore public ACLs for this bucket and objects in this bucket. Setting this element to ``TRUE`` causes Amazon S3 to ignore all public ACLs on this bucket and objects in this bucket. Enabling this setting doesn't affect the persistence of any existing ACLs and doesn't prevent new public ACLs from being set.
-            :param restrict_public_buckets: Specifies whether Amazon S3 should restrict public bucket policies for this bucket. Setting this element to ``TRUE`` restricts access to this bucket to only AWS service principals and authorized users within this account if the bucket has a public policy. Enabling this setting doesn't affect previously stored bucket policies, except that public and cross-account access within any public bucket policy, including non-public delegation to specific accounts, is blocked.
+            :param restrict_public_buckets: Specifies whether Amazon S3 should restrict public bucket policies for this bucket. Setting this element to ``TRUE`` restricts access to this bucket to only AWS-service principals and authorized users within this account if the bucket has a public policy. Enabling this setting doesn't affect previously stored bucket policies, except that public and cross-account access within any public bucket policy, including non-public delegation to specific accounts, is blocked.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-accesspoint-publicaccessblockconfiguration.html
             :exampleMetadata: fixture=_generated
@@ -3705,7 +3736,7 @@ class CfnAccessPoint(
         ) -> typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]]:
             '''Specifies whether Amazon S3 should restrict public bucket policies for this bucket.
 
-            Setting this element to ``TRUE`` restricts access to this bucket to only AWS service principals and authorized users within this account if the bucket has a public policy.
+            Setting this element to ``TRUE`` restricts access to this bucket to only AWS-service principals and authorized users within this account if the bucket has a public policy.
 
             Enabling this setting doesn't affect previously stored bucket policies, except that public and cross-account access within any public bucket policy, including non-public delegation to specific accounts, is blocked.
 
@@ -4162,7 +4193,7 @@ class CfnBucket(
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__59850cae72bb7791c6b0c0ae14619dda37c70534d161318a8465134bb5f4fe02)
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
-        jsii.set(self, "accelerateConfiguration", value)
+        jsii.set(self, "accelerateConfiguration", value) # pyright: ignore[reportArgumentType]
 
     @builtins.property
     @jsii.member(jsii_name="accessControl")
@@ -4177,7 +4208,7 @@ class CfnBucket(
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__558367ea58f04be68475519df751a354550328b2bd68ab64f3deb5d2df97846c)
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
-        jsii.set(self, "accessControl", value)
+        jsii.set(self, "accessControl", value) # pyright: ignore[reportArgumentType]
 
     @builtins.property
     @jsii.member(jsii_name="analyticsConfigurations")
@@ -4195,7 +4226,7 @@ class CfnBucket(
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__7079422ddf22c742f00b15b0fb37f52680a2d0578fc4df7ebe03b5ce965b918c)
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
-        jsii.set(self, "analyticsConfigurations", value)
+        jsii.set(self, "analyticsConfigurations", value) # pyright: ignore[reportArgumentType]
 
     @builtins.property
     @jsii.member(jsii_name="bucketEncryption")
@@ -4213,7 +4244,7 @@ class CfnBucket(
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__51b46a81434808d9dc9a5d68b053ff1b93618b7249c98960f0b51727be51b5ad)
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
-        jsii.set(self, "bucketEncryption", value)
+        jsii.set(self, "bucketEncryption", value) # pyright: ignore[reportArgumentType]
 
     @builtins.property
     @jsii.member(jsii_name="bucketName")
@@ -4226,7 +4257,7 @@ class CfnBucket(
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__54108cc6ed6ba655299058199da4b6fec6fa93a8906725ea4b77f9b08dc389da)
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
-        jsii.set(self, "bucketName", value)
+        jsii.set(self, "bucketName", value) # pyright: ignore[reportArgumentType]
 
     @builtins.property
     @jsii.member(jsii_name="corsConfiguration")
@@ -4244,7 +4275,7 @@ class CfnBucket(
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__cb3da71fd03c0ae5ddaf7d7c45c63bf3dc9b5724984d98444a4630d8d4b1fdb5)
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
-        jsii.set(self, "corsConfiguration", value)
+        jsii.set(self, "corsConfiguration", value) # pyright: ignore[reportArgumentType]
 
     @builtins.property
     @jsii.member(jsii_name="intelligentTieringConfigurations")
@@ -4262,7 +4293,7 @@ class CfnBucket(
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__4fb21ce4f81db8de1df3e39aaf7ed39f66b28a3f89b3c78938b1ff3d59ead30e)
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
-        jsii.set(self, "intelligentTieringConfigurations", value)
+        jsii.set(self, "intelligentTieringConfigurations", value) # pyright: ignore[reportArgumentType]
 
     @builtins.property
     @jsii.member(jsii_name="inventoryConfigurations")
@@ -4280,7 +4311,7 @@ class CfnBucket(
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__c33d443a6fcc8a546a42351915fcdc741dcfd4a8ebb3c8dc71924203c4153b65)
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
-        jsii.set(self, "inventoryConfigurations", value)
+        jsii.set(self, "inventoryConfigurations", value) # pyright: ignore[reportArgumentType]
 
     @builtins.property
     @jsii.member(jsii_name="lifecycleConfiguration")
@@ -4298,7 +4329,7 @@ class CfnBucket(
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__88e54b469a555c42174e4cb7a836533b85bf97d9148bc93a37bf1f3b4e5553e5)
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
-        jsii.set(self, "lifecycleConfiguration", value)
+        jsii.set(self, "lifecycleConfiguration", value) # pyright: ignore[reportArgumentType]
 
     @builtins.property
     @jsii.member(jsii_name="loggingConfiguration")
@@ -4316,7 +4347,7 @@ class CfnBucket(
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__4b77f03fd3b3677eb1438ce6b2a3991e386c73bd8744df53f5e4ba5ea0868fa6)
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
-        jsii.set(self, "loggingConfiguration", value)
+        jsii.set(self, "loggingConfiguration", value) # pyright: ignore[reportArgumentType]
 
     @builtins.property
     @jsii.member(jsii_name="metricsConfigurations")
@@ -4334,7 +4365,7 @@ class CfnBucket(
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__eac9036be4bb48ceb77f2042d6e2e3fb403dcb81f8655b8537b4075e2a39cc3b)
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
-        jsii.set(self, "metricsConfigurations", value)
+        jsii.set(self, "metricsConfigurations", value) # pyright: ignore[reportArgumentType]
 
     @builtins.property
     @jsii.member(jsii_name="notificationConfiguration")
@@ -4352,7 +4383,7 @@ class CfnBucket(
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__20a66130902c7d4592805ff8dc880725751a60a4171e09fd6aa5385ce24598fd)
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
-        jsii.set(self, "notificationConfiguration", value)
+        jsii.set(self, "notificationConfiguration", value) # pyright: ignore[reportArgumentType]
 
     @builtins.property
     @jsii.member(jsii_name="objectLockConfiguration")
@@ -4372,7 +4403,7 @@ class CfnBucket(
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__e8b8559e4a081774c2749be759390488e40a24643968140ea2346ff609521ea2)
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
-        jsii.set(self, "objectLockConfiguration", value)
+        jsii.set(self, "objectLockConfiguration", value) # pyright: ignore[reportArgumentType]
 
     @builtins.property
     @jsii.member(jsii_name="objectLockEnabled")
@@ -4390,7 +4421,7 @@ class CfnBucket(
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__6f8424bc1449670166518896e6a7a45b3df40a9b94a427798a622a961b5ae965)
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
-        jsii.set(self, "objectLockEnabled", value)
+        jsii.set(self, "objectLockEnabled", value) # pyright: ignore[reportArgumentType]
 
     @builtins.property
     @jsii.member(jsii_name="ownershipControls")
@@ -4408,7 +4439,7 @@ class CfnBucket(
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__f0a377f5fa5575a942ea4c125def763d108db389f3189897344168f5ee5f9578)
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
-        jsii.set(self, "ownershipControls", value)
+        jsii.set(self, "ownershipControls", value) # pyright: ignore[reportArgumentType]
 
     @builtins.property
     @jsii.member(jsii_name="publicAccessBlockConfiguration")
@@ -4426,7 +4457,7 @@ class CfnBucket(
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__ee5ab6031f494032aea942170873734a91bbb68afd4490340c53268f4b0cafde)
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
-        jsii.set(self, "publicAccessBlockConfiguration", value)
+        jsii.set(self, "publicAccessBlockConfiguration", value) # pyright: ignore[reportArgumentType]
 
     @builtins.property
     @jsii.member(jsii_name="replicationConfiguration")
@@ -4444,7 +4475,7 @@ class CfnBucket(
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__7721d25a7203c95793b94cc10e13ce2b5bc18dddf33f9bef78764a8324aac491)
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
-        jsii.set(self, "replicationConfiguration", value)
+        jsii.set(self, "replicationConfiguration", value) # pyright: ignore[reportArgumentType]
 
     @builtins.property
     @jsii.member(jsii_name="tagsRaw")
@@ -4457,7 +4488,7 @@ class CfnBucket(
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__5d4f9db226bf40c4990f36de793587b8a795ed9c7670326433f1e6c2b93c5f7d)
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
-        jsii.set(self, "tagsRaw", value)
+        jsii.set(self, "tagsRaw", value) # pyright: ignore[reportArgumentType]
 
     @builtins.property
     @jsii.member(jsii_name="versioningConfiguration")
@@ -4475,7 +4506,7 @@ class CfnBucket(
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__4984f673222966737c2901226c6bfe5186dbc7dd12751fcbc01b53341605b5b0)
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
-        jsii.set(self, "versioningConfiguration", value)
+        jsii.set(self, "versioningConfiguration", value) # pyright: ignore[reportArgumentType]
 
     @builtins.property
     @jsii.member(jsii_name="websiteConfiguration")
@@ -4493,7 +4524,7 @@ class CfnBucket(
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__81f473c3bbc4b92d2b62f5c4a09f49b95480f03d5666d07ad20a7c77c9a3edc0)
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
-        jsii.set(self, "websiteConfiguration", value)
+        jsii.set(self, "websiteConfiguration", value) # pyright: ignore[reportArgumentType]
 
     @jsii.data_type(
         jsii_type="aws-cdk-lib.aws_s3.CfnBucket.AbortIncompleteMultipartUploadProperty",
@@ -7220,7 +7251,7 @@ class CfnBucket(
             :param block_public_acls: Specifies whether Amazon S3 should block public access control lists (ACLs) for this bucket and objects in this bucket. Setting this element to ``TRUE`` causes the following behavior: - PUT Bucket ACL and PUT Object ACL calls fail if the specified ACL is public. - PUT Object calls fail if the request includes a public ACL. - PUT Bucket calls fail if the request includes a public ACL. Enabling this setting doesn't affect existing policies or ACLs.
             :param block_public_policy: Specifies whether Amazon S3 should block public bucket policies for this bucket. Setting this element to ``TRUE`` causes Amazon S3 to reject calls to PUT Bucket policy if the specified bucket policy allows public access. Enabling this setting doesn't affect existing bucket policies.
             :param ignore_public_acls: Specifies whether Amazon S3 should ignore public ACLs for this bucket and objects in this bucket. Setting this element to ``TRUE`` causes Amazon S3 to ignore all public ACLs on this bucket and objects in this bucket. Enabling this setting doesn't affect the persistence of any existing ACLs and doesn't prevent new public ACLs from being set.
-            :param restrict_public_buckets: Specifies whether Amazon S3 should restrict public bucket policies for this bucket. Setting this element to ``TRUE`` restricts access to this bucket to only AWS service principals and authorized users within this account if the bucket has a public policy. Enabling this setting doesn't affect previously stored bucket policies, except that public and cross-account access within any public bucket policy, including non-public delegation to specific accounts, is blocked.
+            :param restrict_public_buckets: Specifies whether Amazon S3 should restrict public bucket policies for this bucket. Setting this element to ``TRUE`` restricts access to this bucket to only AWS-service principals and authorized users within this account if the bucket has a public policy. Enabling this setting doesn't affect previously stored bucket policies, except that public and cross-account access within any public bucket policy, including non-public delegation to specific accounts, is blocked.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-publicaccessblockconfiguration.html
             :exampleMetadata: fixture=_generated
@@ -7309,7 +7340,7 @@ class CfnBucket(
         ) -> typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]]:
             '''Specifies whether Amazon S3 should restrict public bucket policies for this bucket.
 
-            Setting this element to ``TRUE`` restricts access to this bucket to only AWS service principals and authorized users within this account if the bucket has a public policy.
+            Setting this element to ``TRUE`` restricts access to this bucket to only AWS-service principals and authorized users within this account if the bucket has a public policy.
 
             Enabling this setting doesn't affect previously stored bucket policies, except that public and cross-account access within any public bucket policy, including non-public delegation to specific accounts, is blocked.
 
@@ -10339,7 +10370,7 @@ class CfnBucketPolicy(
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__8b5451a546c891d4596957e8ab503d7f49164dd86fa1f0fa30cca1ffc579ae63)
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
-        jsii.set(self, "bucket", value)
+        jsii.set(self, "bucket", value) # pyright: ignore[reportArgumentType]
 
     @builtins.property
     @jsii.member(jsii_name="policyDocument")
@@ -10352,7 +10383,7 @@ class CfnBucketPolicy(
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__0e8fd92f949a743ee76326cb0c265c3f249d88130ab93dbd4233f73361a53885)
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
-        jsii.set(self, "policyDocument", value)
+        jsii.set(self, "policyDocument", value) # pyright: ignore[reportArgumentType]
 
 
 @jsii.data_type(
@@ -10992,7 +11023,7 @@ class CfnMultiRegionAccessPoint(
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__abf30f9759724879a8879072672e118efc44335a0667b00427319fbcf50b326b)
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
-        jsii.set(self, "regions", value)
+        jsii.set(self, "regions", value) # pyright: ignore[reportArgumentType]
 
     @builtins.property
     @jsii.member(jsii_name="name")
@@ -11005,7 +11036,7 @@ class CfnMultiRegionAccessPoint(
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__44d6d7312671090bddc10fb211738cc12e4c1f5e00ee3e72f8c030c91477ddf1)
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
-        jsii.set(self, "name", value)
+        jsii.set(self, "name", value) # pyright: ignore[reportArgumentType]
 
     @builtins.property
     @jsii.member(jsii_name="publicAccessBlockConfiguration")
@@ -11023,7 +11054,7 @@ class CfnMultiRegionAccessPoint(
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__1d2683633ee0afd0f5bc9f609e4e09e2e89e8ebe6f84ca95e487620baab02904)
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
-        jsii.set(self, "publicAccessBlockConfiguration", value)
+        jsii.set(self, "publicAccessBlockConfiguration", value) # pyright: ignore[reportArgumentType]
 
     @jsii.data_type(
         jsii_type="aws-cdk-lib.aws_s3.CfnMultiRegionAccessPoint.PublicAccessBlockConfigurationProperty",
@@ -11051,7 +11082,7 @@ class CfnMultiRegionAccessPoint(
             :param block_public_acls: Specifies whether Amazon S3 should block public access control lists (ACLs) for this bucket and objects in this bucket. Setting this element to ``TRUE`` causes the following behavior: - PUT Bucket ACL and PUT Object ACL calls fail if the specified ACL is public. - PUT Object calls fail if the request includes a public ACL. - PUT Bucket calls fail if the request includes a public ACL. Enabling this setting doesn't affect existing policies or ACLs.
             :param block_public_policy: Specifies whether Amazon S3 should block public bucket policies for this bucket. Setting this element to ``TRUE`` causes Amazon S3 to reject calls to PUT Bucket policy if the specified bucket policy allows public access. Enabling this setting doesn't affect existing bucket policies.
             :param ignore_public_acls: Specifies whether Amazon S3 should ignore public ACLs for this bucket and objects in this bucket. Setting this element to ``TRUE`` causes Amazon S3 to ignore all public ACLs on this bucket and objects in this bucket. Enabling this setting doesn't affect the persistence of any existing ACLs and doesn't prevent new public ACLs from being set.
-            :param restrict_public_buckets: Specifies whether Amazon S3 should restrict public bucket policies for this bucket. Setting this element to ``TRUE`` restricts access to this bucket to only AWS service principals and authorized users within this account if the bucket has a public policy. Enabling this setting doesn't affect previously stored bucket policies, except that public and cross-account access within any public bucket policy, including non-public delegation to specific accounts, is blocked.
+            :param restrict_public_buckets: Specifies whether Amazon S3 should restrict public bucket policies for this bucket. Setting this element to ``TRUE`` restricts access to this bucket to only AWS-service principals and authorized users within this account if the bucket has a public policy. Enabling this setting doesn't affect previously stored bucket policies, except that public and cross-account access within any public bucket policy, including non-public delegation to specific accounts, is blocked.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-multiregionaccesspoint-publicaccessblockconfiguration.html
             :exampleMetadata: fixture=_generated
@@ -11140,7 +11171,7 @@ class CfnMultiRegionAccessPoint(
         ) -> typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]]:
             '''Specifies whether Amazon S3 should restrict public bucket policies for this bucket.
 
-            Setting this element to ``TRUE`` restricts access to this bucket to only AWS service principals and authorized users within this account if the bucket has a public policy.
+            Setting this element to ``TRUE`` restricts access to this bucket to only AWS-service principals and authorized users within this account if the bucket has a public policy.
 
             Enabling this setting doesn't affect previously stored bucket policies, except that public and cross-account access within any public bucket policy, including non-public delegation to specific accounts, is blocked.
 
@@ -11350,7 +11381,7 @@ class CfnMultiRegionAccessPointPolicy(
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__17f32a002f27dea27870835c7ec14b66b5e1668b65ce5f1e92e3841321192080)
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
-        jsii.set(self, "mrapName", value)
+        jsii.set(self, "mrapName", value) # pyright: ignore[reportArgumentType]
 
     @builtins.property
     @jsii.member(jsii_name="policy")
@@ -11363,7 +11394,7 @@ class CfnMultiRegionAccessPointPolicy(
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__f652c96d8b984e16b2d02a6b6cce91057e4836c1eca63227e3d8951f867147b4)
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
-        jsii.set(self, "policy", value)
+        jsii.set(self, "policy", value) # pyright: ignore[reportArgumentType]
 
     @jsii.data_type(
         jsii_type="aws-cdk-lib.aws_s3.CfnMultiRegionAccessPointPolicy.PolicyStatusProperty",
@@ -11804,7 +11835,7 @@ class CfnStorageLens(
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__f35f40ae5dafee2732cb533b5c63c68b228b6ed5c2729e9daf124f35d29c4632)
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
-        jsii.set(self, "storageLensConfiguration", value)
+        jsii.set(self, "storageLensConfiguration", value) # pyright: ignore[reportArgumentType]
 
     @builtins.property
     @jsii.member(jsii_name="tagsRaw")
@@ -11817,7 +11848,7 @@ class CfnStorageLens(
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__0530718447b790342c8d2881cb2324f474879f89248f162150fb9512520ca065)
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
-        jsii.set(self, "tagsRaw", value)
+        jsii.set(self, "tagsRaw", value) # pyright: ignore[reportArgumentType]
 
     @jsii.data_type(
         jsii_type="aws-cdk-lib.aws_s3.CfnStorageLens.AccountLevelProperty",
@@ -13756,7 +13787,7 @@ class CfnStorageLensGroup(
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__e28051bd1722ff06856f70b9254cb6f3916e33e05b162c4e7c2fb8f985955f7e)
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
-        jsii.set(self, "filter", value)
+        jsii.set(self, "filter", value) # pyright: ignore[reportArgumentType]
 
     @builtins.property
     @jsii.member(jsii_name="name")
@@ -13769,7 +13800,7 @@ class CfnStorageLensGroup(
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__e6352d8510fa53fd6e57a3a505437c1fc03b2303c43ec2d2c48a495c9c41bac7)
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
-        jsii.set(self, "name", value)
+        jsii.set(self, "name", value) # pyright: ignore[reportArgumentType]
 
     @builtins.property
     @jsii.member(jsii_name="tags")
@@ -13782,7 +13813,7 @@ class CfnStorageLensGroup(
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__6e84ad8afd56ef3e30a306bbf30582a814aad58c407feefb71d4baf2f9d3d49c)
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
-        jsii.set(self, "tags", value)
+        jsii.set(self, "tags", value) # pyright: ignore[reportArgumentType]
 
     @jsii.data_type(
         jsii_type="aws-cdk-lib.aws_s3.CfnStorageLensGroup.AndProperty",
@@ -14890,15 +14921,12 @@ class EventType(enum.Enum):
 
     Example::
 
-        # my_lambda: lambda.Function
-        
-        bucket = s3.Bucket.from_bucket_attributes(self, "ImportedBucket",
-            bucket_arn="arn:aws:s3:::my-bucket"
-        )
+        # my_queue: sqs.Queue
         
-        # now you can just call methods on the bucket
-        bucket.add_event_notification(s3.EventType.OBJECT_CREATED, s3n.LambdaDestination(my_lambda),
-            prefix="home/myusername/*"
+        bucket = s3.Bucket(self, "MyBucket")
+        bucket.add_event_notification(s3.EventType.OBJECT_REMOVED, s3n.SqsDestination(my_queue),
+            prefix="foo/",
+            suffix=".jpg"
         )
     '''
 
@@ -15665,7 +15693,7 @@ class _IBucketProxy(
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__eee382ff86c17d46379012dcccee86976ea92e15cb6d63c3e3f4e853c058ac53)
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
-        jsii.set(self, "policy", value)
+        jsii.set(self, "policy", value) # pyright: ignore[reportArgumentType]
 
     @jsii.member(jsii_name="addEventNotification")
     def add_event_notification(
@@ -19110,7 +19138,24 @@ class BucketBase(
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__379a88b5f70f3d0bcea4ef03e8d2e7c8d8bf62a080e3ea71e8d2c12af42fb5c2)
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
-        jsii.set(self, "notificationsHandlerRole", value)
+        jsii.set(self, "notificationsHandlerRole", value) # pyright: ignore[reportArgumentType]
+
+    @builtins.property
+    @jsii.member(jsii_name="notificationsSkipDestinationValidation")
+    def _notifications_skip_destination_validation(
+        self,
+    ) -> typing.Optional[builtins.bool]:
+        return typing.cast(typing.Optional[builtins.bool], jsii.get(self, "notificationsSkipDestinationValidation"))
+
+    @_notifications_skip_destination_validation.setter
+    def _notifications_skip_destination_validation(
+        self,
+        value: typing.Optional[builtins.bool],
+    ) -> None:
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__42e85b6923bfd67ab8a552353ddd2926a9f375ed612e3f505a0edb6ab7b88ef0)
+            check_type(argname="argument value", value=value, expected_type=type_hints["value"])
+        jsii.set(self, "notificationsSkipDestinationValidation", value) # pyright: ignore[reportArgumentType]
 
     @builtins.property
     @jsii.member(jsii_name="objectOwnership")
@@ -19122,7 +19167,7 @@ class BucketBase(
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__7b774af5b2b1e2ee5e0028e8447eaa4ff4997a31be4ec32c1d4c40be3a26fcd9)
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
-        jsii.set(self, "objectOwnership", value)
+        jsii.set(self, "objectOwnership", value) # pyright: ignore[reportArgumentType]
 
     @builtins.property
     @jsii.member(jsii_name="policy")
@@ -19210,7 +19255,7 @@ class _BucketBaseProxy(
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__0582098f8e3dd726fbdc6c6a107c1357209a1393b57d66b13cdfdd987e1d2059)
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
-        jsii.set(self, "autoCreatePolicy", value)
+        jsii.set(self, "autoCreatePolicy", value) # pyright: ignore[reportArgumentType]
 
     @builtins.property
     @jsii.member(jsii_name="disallowPublicAccess")
@@ -19223,7 +19268,7 @@ class _BucketBaseProxy(
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__e09f0f11401862e34b246bbedc7f76234ab2424a7a05160418c68ebc32d26912)
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
-        jsii.set(self, "disallowPublicAccess", value)
+        jsii.set(self, "disallowPublicAccess", value) # pyright: ignore[reportArgumentType]
 
     @builtins.property
     @jsii.member(jsii_name="policy")
@@ -19240,7 +19285,7 @@ class _BucketBaseProxy(
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__1d54fb5dd19da2dbb943d620662efadde1df29be901c2f95b3ae6d389056896c)
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
-        jsii.set(self, "policy", value)
+        jsii.set(self, "policy", value) # pyright: ignore[reportArgumentType]
 
 # Adding a "__jsii_proxy_class__(): typing.Type" function to the abstract class
 typing.cast(typing.Any, BucketBase).__jsii_proxy_class__ = lambda : _BucketBaseProxy
@@ -19291,6 +19336,7 @@ class Bucket(
         metrics: typing.Optional[typing.Sequence[typing.Union[BucketMetrics, typing.Dict[builtins.str, typing.Any]]]] = None,
         minimum_tls_version: typing.Optional[jsii.Number] = None,
         notifications_handler_role: typing.Optional[_IRole_235f5d8e] = None,
+        notifications_skip_destination_validation: typing.Optional[builtins.bool] = None,
         object_lock_default_retention: typing.Optional[ObjectLockRetention] = None,
         object_lock_enabled: typing.Optional[builtins.bool] = None,
         object_ownership: typing.Optional[ObjectOwnership] = None,
@@ -19325,9 +19371,10 @@ class Bucket(
         :param metrics: The metrics configuration of this bucket. Default: - No metrics configuration.
         :param minimum_tls_version: Enforces minimum TLS version for requests. Requires ``enforceSSL`` to be enabled. Default: No minimum TLS version is enforced.
         :param notifications_handler_role: The role to be used by the notifications handler. Default: - a new role will be created.
+        :param notifications_skip_destination_validation: Skips notification validation of Amazon SQS, Amazon SNS, and Lambda destinations. Default: false
         :param object_lock_default_retention: The default retention mode and rules for S3 Object Lock. Default retention can be configured after a bucket is created if the bucket already has object lock enabled. Enabling object lock for existing buckets is not supported. Default: no default retention period
         :param object_lock_enabled: Enable object lock on the bucket. Enabling object lock for existing buckets is not supported. Object lock must be enabled when the bucket is created. Default: false, unless objectLockDefaultRetention is set (then, true)
-        :param object_ownership: The objectOwnership of the bucket. Default: - No ObjectOwnership configuration, uploading account will own the object.
+        :param object_ownership: The objectOwnership of the bucket. Default: - No ObjectOwnership configuration. By default, Amazon S3 sets Object Ownership to ``Bucket owner enforced``. This means ACLs are disabled and the bucket owner will own every object.
         :param public_read_access: Grants public read access to all objects in the bucket. Similar to calling ``bucket.grantPublicAccess()`` Default: false
         :param removal_policy: Policy to apply when the bucket is removed from this stack. Default: - The bucket will be orphaned.
         :param server_access_logs_bucket: Destination bucket for the server access logs. Default: - If "serverAccessLogsPrefix" undefined - access logs disabled, otherwise - log to current bucket.
@@ -19361,6 +19408,7 @@ class Bucket(
             metrics=metrics,
             minimum_tls_version=minimum_tls_version,
             notifications_handler_role=notifications_handler_role,
+            notifications_skip_destination_validation=notifications_skip_destination_validation,
             object_lock_default_retention=object_lock_default_retention,
             object_lock_enabled=object_lock_enabled,
             object_ownership=object_ownership,
@@ -19713,7 +19761,7 @@ class Bucket(
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__10798637aab1875b3bf2e274b42cec4e14584bbf542724bbdf98ab697c8fdf68)
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
-        jsii.set(self, "autoCreatePolicy", value)
+        jsii.set(self, "autoCreatePolicy", value) # pyright: ignore[reportArgumentType]
 
     @builtins.property
     @jsii.member(jsii_name="disallowPublicAccess")
@@ -19726,7 +19774,7 @@ class Bucket(
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__9c28a6c819a753d85a34d358b6f42613072c93deab766ea0a865ed09f7a51085)
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
-        jsii.set(self, "disallowPublicAccess", value)
+        jsii.set(self, "disallowPublicAccess", value) # pyright: ignore[reportArgumentType]
 
     @builtins.property
     @jsii.member(jsii_name="policy")
@@ -19743,7 +19791,7 @@ class Bucket(
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__afd8c4da1d866abcdc76879948bb11bd5a21a374e5ebf1e4445208dec1df8f2e)
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
-        jsii.set(self, "policy", value)
+        jsii.set(self, "policy", value) # pyright: ignore[reportArgumentType]
 
 
 __all__ = [
@@ -19933,6 +19981,7 @@ def _typecheckingstub__f2ff878f2dca3dd037442155369c2fcc7bd194425c0967a7fd7bfa576
     metrics: typing.Optional[typing.Sequence[typing.Union[BucketMetrics, typing.Dict[builtins.str, typing.Any]]]] = None,
     minimum_tls_version: typing.Optional[jsii.Number] = None,
     notifications_handler_role: typing.Optional[_IRole_235f5d8e] = None,
+    notifications_skip_destination_validation: typing.Optional[builtins.bool] = None,
     object_lock_default_retention: typing.Optional[ObjectLockRetention] = None,
     object_lock_enabled: typing.Optional[builtins.bool] = None,
     object_ownership: typing.Optional[ObjectOwnership] = None,
@@ -21915,6 +21964,12 @@ def _typecheckingstub__379a88b5f70f3d0bcea4ef03e8d2e7c8d8bf62a080e3ea71e8d2c12af
     """Type checking stubs"""
     pass
 
+def _typecheckingstub__42e85b6923bfd67ab8a552353ddd2926a9f375ed612e3f505a0edb6ab7b88ef0(
+    value: typing.Optional[builtins.bool],
+) -> None:
+    """Type checking stubs"""
+    pass
+
 def _typecheckingstub__7b774af5b2b1e2ee5e0028e8447eaa4ff4997a31be4ec32c1d4c40be3a26fcd9(
     value: typing.Optional[ObjectOwnership],
 ) -> None:
@@ -21959,6 +22014,7 @@ def _typecheckingstub__25f24cbf29544d9c579e765350a7b51ec4ec81bc2cc07a21660738a1e
     metrics: typing.Optional[typing.Sequence[typing.Union[BucketMetrics, typing.Dict[builtins.str, typing.Any]]]] = None,
     minimum_tls_version: typing.Optional[jsii.Number] = None,
     notifications_handler_role: typing.Optional[_IRole_235f5d8e] = None,
+    notifications_skip_destination_validation: typing.Optional[builtins.bool] = None,
     object_lock_default_retention: typing.Optional[ObjectLockRetention] = None,
     object_lock_enabled: typing.Optional[builtins.bool] = None,
     object_ownership: typing.Optional[ObjectOwnership] = None,