diff --git a/packages/@aws-cdk/mixins-preview/lib/services/aws-logs/logs-delivery.ts b/packages/@aws-cdk/mixins-preview/lib/services/aws-logs/logs-delivery.ts
index c3f1b18cee3bd..d5a53bcc282da 100644
--- a/packages/@aws-cdk/mixins-preview/lib/services/aws-logs/logs-delivery.ts
+++ b/packages/@aws-cdk/mixins-preview/lib/services/aws-logs/logs-delivery.ts
@@ -41,6 +41,20 @@ export interface ILogsDelivery {
   bind(scope: IConstruct, deliverySource: logs.IDeliverySourceRef, sourceResourceArn: string): ILogsDeliveryConfig;
 }
 
+/**
+ * S3 Vended Logs Permissions version.
+ */
+export enum S3LogsDeliveryPermissionsVersion {
+  /**
+   * V1
+   */
+  V1 = 'V1',
+  /**
+   * V2
+   */
+  V2 = 'V2',
+}
+
 /**
  * Props for S3LogsDelivery
  */
@@ -51,7 +65,7 @@ export interface S3LogsDeliveryProps {
    *
    * @default "V2
    */
-  readonly permissionsVersion?: 'V1' | 'V2';
+  readonly permissionsVersion?: S3LogsDeliveryPermissionsVersion;
 }
 
 /**
diff --git a/packages/@aws-cdk/mixins-preview/test/services/aws-logs/logs-delivery.test.ts b/packages/@aws-cdk/mixins-preview/test/services/aws-logs/logs-delivery.test.ts
index 4b99db707981a..62c3be63f83ca 100644
--- a/packages/@aws-cdk/mixins-preview/test/services/aws-logs/logs-delivery.test.ts
+++ b/packages/@aws-cdk/mixins-preview/test/services/aws-logs/logs-delivery.test.ts
@@ -5,7 +5,7 @@ import { AccountRootPrincipal, Effect, PolicyDocument, PolicyStatement, Role, Se
 import { DeliveryStream, S3Bucket } from 'aws-cdk-lib/aws-kinesisfirehose';
 import { CfnDeliverySource, LogGroup, ResourcePolicy, RetentionDays } from 'aws-cdk-lib/aws-logs';
 import { Secret } from 'aws-cdk-lib/aws-secretsmanager';
-import { FirehoseLogsDelivery, LogGroupLogsDelivery, S3LogsDelivery, XRayLogsDelivery } from '../../../lib/services/aws-logs';
+import { FirehoseLogsDelivery, LogGroupLogsDelivery, S3LogsDelivery, S3LogsDeliveryPermissionsVersion, XRayLogsDelivery } from '../../../lib/services/aws-logs';
 
 // at the time of creating this test file S3 does not support Vended Logs on Buckets but this test pretends they do to make writing tests easier
 describe('S3 Delivery', () => {
@@ -77,7 +77,7 @@ describe('S3 Delivery', () => {
     });
 
     const s3Logs1 = new S3LogsDelivery(bucket, {
-      permissionsVersion: 'V2',
+      permissionsVersion: S3LogsDeliveryPermissionsVersion.V2,
     });
     s3Logs1.bind(source1, deliverySource1, source1.bucketArn);
 
@@ -89,7 +89,7 @@ describe('S3 Delivery', () => {
   test('creates policy with V1 permissions if specified', () => {
     const bucket = new Bucket(stack, 'Destination');
     const s3Logs = new S3LogsDelivery(bucket, {
-      permissionsVersion: 'V1',
+      permissionsVersion: S3LogsDeliveryPermissionsVersion.V1,
     });
     s3Logs.bind(source, deliverySource, source.bucketArn);
 
@@ -207,7 +207,7 @@ describe('S3 Delivery', () => {
   test('creates policy with V2 permissions if specified', () => {
     const bucket = new Bucket(stack, 'Destination');
     const s3Logs = new S3LogsDelivery(bucket, {
-      permissionsVersion: 'V2',
+      permissionsVersion: S3LogsDeliveryPermissionsVersion.V2,
     });
     s3Logs.bind(source, deliverySource, source.bucketArn);