When creating a protected bucket (a bucket containing data which will be served through the distribution API), make sure to enable S3 server access logging. See S3 Server Access Logging for more details.
$ aws s3api create-bucket \
--bucket foobar-internal \
--region us-west-2 \
create-bucket-configuration arguments are only necessary if you are creating a bucket outside of the
Please note security settings and other bucket options can be set via the options listed in the
Repeat the above step for each bucket to be created.
If you prefer to use the AWS web interface instead of the command line, see AWS "Creating a Bucket" documentation.