Use the ObjectFilterPrefix parameter and specify a prefix that is not in use. See Examples of notification configurations with invalid prefix/suffix overlapping for details.

Use the TriggerWithObjectCreatedEvent parameter to not bind the event to File Storage Security. Instead, trigger the scans by invoking the deployed BucketListenerLambda in storage stacks, either programmatically or by SNS topic subscription. The input event for BucketListenerLambda must be the whole S3 event message structure of s3:ObjectCreated:* event or the whole s3:ObjectCreated:* event delivered by SNS notification.