Object Lock restrictions

Hi,

Trying to find a way to protect us from a situation that a user will create a bucket using API with 

x-amz-bucket-object-lock-enabled = true

We want to limit the creation of object locked buckets to our portal (more control) 

I cant see a way to limit the above within IAM and using DENY with condition so I need to find other way.