There's more...

The steps to enable cross-region replication from the CLI can be summarized as follows:

  1. Create a role that can be assumed by S3, with a permissions policy that allows the s3:Get* and s3:ListBucket actions on the source bucket and its objects, and the s3:ReplicateObject, s3:ReplicateDelete, s3:ReplicateTags, and s3:GetObjectVersionTagging actions on the destination bucket objects.
  2. Create (or update) a replication configuration for the bucket using the aws s3api put-bucket-replication command, providing a replication configuration JSON.

Complete CLI commands and policy JSON files are available with the code files.
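
The two steps above can be sketched as the following script. This is an added example, not the book's own code files: the bucket names, role name, policy name, account ID, and output directory are placeholders, and the replication rule uses the rule-level Prefix form with an empty prefix to match all objects.

```shell
#!/usr/bin/env bash
# Added example; bucket names, role name and account ID are placeholders.
# Prerequisite: versioning is already enabled on both buckets.
SRC_BUCKET="example-source-bucket"
DST_BUCKET="example-destination-bucket"
ROLE_NAME="example-s3-replication-role"
ACCOUNT_ID="111122223333"

write_replication_files() {  # $1 = output directory
  # Step 1a: trust policy, so that only the S3 service can assume the role.
  cat > "$1/trust-policy.json" <<EOF
{"Version":"2012-10-17","Statement":[{"Effect":"Allow",
  "Principal":{"Service":"s3.amazonaws.com"},"Action":"sts:AssumeRole"}]}
EOF
  # Step 1b: read on the source; replicate actions on destination objects only.
  cat > "$1/permissions-policy.json" <<EOF
{"Version":"2012-10-17","Statement":[
  {"Effect":"Allow","Action":["s3:Get*","s3:ListBucket"],
   "Resource":["arn:aws:s3:::$SRC_BUCKET","arn:aws:s3:::$SRC_BUCKET/*"]},
  {"Effect":"Allow","Action":["s3:ReplicateObject","s3:ReplicateDelete",
   "s3:ReplicateTags","s3:GetObjectVersionTagging"],
   "Resource":"arn:aws:s3:::$DST_BUCKET/*"}]}
EOF
  # Step 2: replication configuration that references the role.
  cat > "$1/replication.json" <<EOF
{"Role":"arn:aws:iam::$ACCOUNT_ID:role/$ROLE_NAME",
 "Rules":[{"ID":"replicate-all","Status":"Enabled","Prefix":"",
   "Destination":{"Bucket":"arn:aws:s3:::$DST_BUCKET"}}]}
EOF
}

apply_replication() {  # $1 = directory with the files; needs AWS credentials
  aws iam create-role --role-name "$ROLE_NAME" \
    --assume-role-policy-document "file://$1/trust-policy.json"
  aws iam put-role-policy --role-name "$ROLE_NAME" --policy-name replication \
    --policy-document "file://$1/permissions-policy.json"
  aws s3api put-bucket-replication --bucket "$SRC_BUCKET" \
    --replication-configuration "file://$1/replication.json"
}

# Always write the JSON for review; call AWS only when run with --apply.
OUT_DIR="${OUT_DIR:-replication-files}"
mkdir -p "$OUT_DIR" && write_replication_files "$OUT_DIR"
if [ "${1:-}" = "--apply" ]; then apply_replication "$OUT_DIR"; fi
```

Scoping the replicate actions to the destination bucket's objects keeps the role from writing anywhere else, so review the generated permissions-policy.json before applying it.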

Let's quickly go through some more details related to S3 cross-region replication:

  • Cross-region replication is done via SSL. 
  • Only objects that were added after enabling cross-region replication are replicated.
  • If the source bucket owner does not have read object or read ACL permission, objects are not replicated.
  • By default, the source object's ACLs are replicated. However, changing ownership to the destination bucket owner can be configured.
  • Objects with SSE-C encryption are not currently replicated.
  • To replicate objects with SSE-KMS encryption, we need to provide one or more KMS keys as required for S3 to decrypt the objects. KMS requests related to S3 in the source and destination regions can cause us to exceed the KMS request limit for our account. We can request an increase in our KMS request limit from AWS.
  • Since replication happens asynchronously, it might take some time (even up to hours for larger objects) to replicate. 
  • Sub-resource changes are not currently replicated. For example, automated life cycle management rules are not replicated. However, we can configure a change in the current storage class of the object during replication. 
  • We cannot replicate from a replica bucket.
  • Deleting a version in the source bucket does not delete the version in the destination bucket. This provides additional protection for the data. With the old schema, a delete marker was replicated if DeleteMarkerReplication is enabled. However, the new schema does not support delete marker replication, which prevents any delete actions from replicating.