...
Login to the AWS Management Console at https://console.aws.amazon.com
Navigate to S3 service.
Choose Create bucket.
In Bucket name, enter a DNS-compliant name for your bucket.
In Region, choose the AWS Region where bucket reside.
Under Object Ownership, to enable/disable ACLs, Choose Bucket owner enforced/Bucket owner preferred respectively.
In Bucket settings for Block Public Access, choose the Block Public Access settings.
To enable S3 Object Lock, Choose Advanced settings, and read the message that appears, enter enable in the text box and choose Confirm.
Choose Create bucket.
Configure Object Lock’s Legal hold , if required.
Configure Object Lock’s retention period.
Navigate to CloudTrail service. Select Trails.
Select the trail reported to configure.
In General details, choose Edit.
Choose Browse.
Under Trail log bucket name, select the newly created S3 bucket, and click Choose.
If prefix is need for objects, Specify Trail log bucket name, select the newly created S3 bucket, and click Choose.
If Prefix is needed for object, specify a prefix.
Choose Save changes to apply the changes.
Important:
Object Lock can be enabled only for new buckets. To turn on Object Lock for an existing bucket, contact AWS Support.
A bucket with Object Lock enabled automatically enables versioning for the bucket.
When a bucket is created with Object Lock enabled, Object Lock can’t be disabled or suspend versioning for the bucket.
Object locks apply to individual object versions only. If an object is placed in a bucket that has a default retention period, and don't explicitly specify a retention period for that object, S3 creates the object with a retention period that matches the bucket default. After the object is created, its retention period is independent from the bucket's default retention period. Changing a bucket's default retention period doesn't change the existing retention period for any objects in that bucket.
...