AWS Certificate Manager Private Certificate Authority
User Guide (Version latest)

Configure Amazon S3 to Allow Creation of a CRL Bucket.

Your private CA may fail to create a CRL bucket if Amazon S3 block public access settings are enforced on your account. Check your Amazon S3 settings if this occurs. For more information, see Using Amazon S3 Block Public Access.