diff --git a/source/runbooks/enabling-s3-malware-protection.html.md.erb b/source/runbooks/enabling-s3-malware-protection.html.md.erb
new file mode 100644
index 0000000000..7f530403c9
--- /dev/null
+++ b/source/runbooks/enabling-s3-malware-protection.html.md.erb
@@ -0,0 +1,54 @@
+---
+owner_slack: "#modernisation-platform"
+title: Enabling Malware Protection for S3
+last_reviewed_on: 2024-11-25
+review_in: 6 months
+---
+
+<!-- Google tag (gtag.js) -->
+<script async src="https://www.googletagmanager.com/gtag/js?id=G-NXTCMQ7ZX6"></script>
+<script>
+  window.dataLayer = window.dataLayer || [];
+  function gtag(){dataLayer.push(arguments);}
+  gtag('js', new Date());
+  gtag('config', 'G-NXTCMQ7ZX6');
+</script>
+
+# <%= current_page.data.title %>
+
+## Enabling Malware Protection for Amazon S3
+
+[AWS Malware Protection for S3](https://docs.aws.amazon.com/guardduty/latest/ug/gdu-malware-protection-s3.html) provides advanced scanning for newly uploaded objects in your S3 buckets for potential malware, providing an added layer of protection for your data. 
+
+---
+### Configuration Overview
+
+All Modernisation Platform accounts have GuardDuty enabled by default, which includes S3 Protection. However, **Malware Protection for S3** must be configured at the account level. This configuration allows you to specify which S3 buckets should be scanned for malware.
+
+
+---
+### Steps to Enable Malware Protection for S3 with Terraform for your account
+
+1. **Define the Buckets to Protect**  
+   Begin by identifying the S3 buckets you want to enable malware protection for. Specify these buckets in your Terraform configuration as a variable or input list.
+
+2. **Create a Malware Protection Plan**  
+   Set up a resource in Terraform to enable malware protection for each bucket in your list. This involves linking each bucket to a protection plan and ensuring that tagging or logging settings are properly configured for each bucket.
+
+3. **Assign IAM Permissions**  
+   Reference the `MemberInfrastructureAccess` IAM role, which provides GuardDuty the necessary permissions to access and scan the specified S3 buckets.
+
+4. **Raise a PR for the Configuration**  
+   Deploy your Terraform configuration. Validate your setup by running `terraform plan` to confirm the changes. Once validated, raise a Pull Request for review and approval to apply the configuration and enable malware protection for the specified buckets.
+
+5. **Verify the Deployment**  
+   After applying the configuration, confirm that malware protection has been successfully enabled for the specified buckets by reviewing your GuardDuty settings or checking for findings related to malware scanning. 
+
+By following these steps, you can  enable Malware Protection for S3 using Terraform, ensuring a scalable and automated approach to securing your S3 buckets.
+
+---
+### Example Implementation
+
+An example of enabling Malware Protection for S3 can be found [here](https://github.com/ministryofjustice/modernisation-platform-environments/blob/main/terraform/environments/example/s3_malware_protection.tf).
+
+---