diff --git a/src/content/docs/cloudflare-one/applications/scan-apps/casb-integrations/aws-s3.mdx b/src/content/docs/cloudflare-one/applications/scan-apps/casb-integrations/aws-s3.mdx
new file mode 100644
index 000000000000000..a9c2cf5502534b2
--- /dev/null
+++ b/src/content/docs/cloudflare-one/applications/scan-apps/casb-integrations/aws-s3.mdx
@@ -0,0 +1,125 @@
+---
+pcx_content_type: reference
+title: Amazon Web Services (AWS) S3
+rss: file
+---
+
+import { Render } from "~/components";
+
+
+
+:::note
+The CASB integration for AWS S3 only supports posture-related findings.
+:::
+
+## Integration prerequisites
+
+- An AWS account using AWS S3 (Simple Storage Service)
+- For initial setup, access to the AWS account with permission to create a new IAM Role with the scopes listed below.
+
+## Integration permissions
+
+For the AWS S3 integration to function, Cloudflare CASB requires the following access scopes via an IAM Role with cross-account access:
+
+- `s3:PutBucketNotification`
+- `s3:GetObject`
+- `s3:ListBucket`
+
+These permissions follow the principle of least privilege to ensure that only the minimum required access is granted. To learn more about each permission scope, refer to the [AWS S3 Permissions documentation](https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-policy-actions.html).
+
+## Security findings
+
+
+
+### S3 Bucket security
+
+Flag security issues in S3 Buckets, including overpermissioning, access policies, and user security best practices.
+
+| Finding type | FindingTypeID | Severity |
+| -------------------------------------------------------- | -------------------------------------- | -------- |
+| S3 Bucket ACL Allows Any Authenticated User to Write | `09bc7d1f-e682-43bc-a4ce-e6e03b408244` | Critical |
+| S3 Bucket ACL Allows Any Authenticated User to Write ACP | `9392a460-c566-4e0d-b06b-01d87dc84d7c` | Critical |
+| S3 Bucket ACL Allows Public ACP Write | `5b792c7f-2546-4fcd-96dc-a58a53fea7e0` | Critical |
+| S3 Bucket ACL Allows Public Write | `f50ae197-fa0a-4caa-be95-79aed91eed63` | Critical |
+| S3 Bucket Policy Allows Any Authenticated User to Write | `70fe0596-28bc-41dd-a2c3-1486fb0fb1dd` | Critical |
+| S3 Bucket Policy Allows Public Write | `5e2aac4b-d8be-43dc-b324-84fdf63f760e` | Critical |
+| S3 Bucket Publicly Accessible | `6b1276e3-88e8-4150-a4d5-1b8273f11078` | Critical |
+| S3 Bucket ACL Allows Any Authenticated User to Read | `fda31c4d-24dc-43d4-8a84-a1a9e1df01a1` | High |
+| S3 Bucket ACL Allows Any Authenticated User to Read ACP | `7232e46b-3539-4080-b905-022f1091556c` | High |
+| S3 Bucket ACL Allows Public ACP Read | `e324242c-5feb-41a3-8d91-f70611471fad` | High |
+| S3 Bucket ACL Allows Public Read | `f8c9f979-29f0-4ada-b09e-a149937a55d4` | High |
+| S3 Bucket Policy Allows Any Authenticated User to Read | `c6b3a745-b535-45ea-b2c0-ba8a139ca634` | High |
+| S3 Bucket Policy Allows Public Read | `f3915412-eef9-47d9-8448-e04462de8ba2` | High |
+| S3 Bucket Without MFA Delete Enabled | `f108bd28-9870-453f-a439-01818e85bdc7` | High |
+| S3 Bucket Without Server-Side Encryption (SSE) | `7817b383-79c3-44ca-8d5d-e01748afe75b` | High |
+| S3 Bucket Encryption in Transit Disabled | `0b3227dd-63d3-46bc-97b3-e62d9c11567a` | Medium |
+| S3 Bucket MFA Delete Disabled | `518697ff-3f7e-463e-acf3-79d106599f0e` | Medium |
+| S3 Bucket ACL Allows Public List | `e3c8a170-7817-4151-bd01-55442f4416ea` | Medium |
+| S3 Bucket Objects Can Be Public | `0ff170dc-be6b-46fa-a1cf-95ca7d067f4b` | Medium |
+| S3 Bucket Policy Allows Any Authenticated AWS User | `264be783-7fe1-4f50-aee7-d8df370b7b77` | Medium |
+| S3 Bucket Policy Allows Any Authenticated User to Delete | `4431eaeb-63e3-43c1-a4bc-029f09da66fd` | Medium |
+| S3 Bucket Policy Allows Any Authenticated User to List | `319c9715-b86d-4215-bdfa-c5d9b3a5cc83` | Medium |
+| S3 Bucket Policy Allows Public Delete | `bbbeacbc-6692-4121-a785-d634da1e5c56` | Medium |
+| S3 Bucket Policy Allows Public List | `f7ae03e3-1303-4404-b6f5-a7f97e52105e` | Medium |
+| S3 Bucket Server Side Encryption Disabled | `d69ab398-fba8-4e71-bf49-60af48d00cbc` | Medium |
+| S3 Bucket Without Access Logging | `67d0995d-7b4a-40c5-a43f-7a98d20faac6` | Medium |
+| S3 Bucket Without AWS CloudTrail Logging | `89366ebe-ca0b-45fc-a9cb-135674e0a49b` | Medium |
+| S3 Bucket Without Cross-Region Replication | `d4e5c815-33e3-4a01-b852-fe040d51ee55` | Medium |
+| S3 Bucket Without Default Encryption | `fb7a41af-294c-4e9b-a6ca-a1fed35542d6` | Medium |
+| S3 Bucket Without Lifecycle Policies | `2df6f1b8-e41c-4ab5-a466-992ce485a367` | Medium |
+| S3 Bucket Without Object-Level Logging | `9af2594c-3999-49c9-bd3d-2f4b091f99c0` | Medium |
+| S3 Bucket Without Replication Enabled | `cb61ef18-a498-456c-985c-78a45e19f4fe` | Medium |
+| S3 Bucket Without Versioning Enabled | `95e1284f-a514-4396-bf64-cd003818790c` | Medium |
+| S3 Bucket Access Logging Disabled | `84ba76fa-4703-490e-ab75-1b554993c054` | Low |
+| S3 Bucket Lifecycle Disabled | `970d2ca8-e189-42a8-8e86-9f674fcb1aea` | Low |
+| S3 Bucket Policy Not Existent | `3e1d0535-d82f-4ed1-9664-d2c50905db17` | Low |
+| S3 Bucket Versioning Disabled | `4e976e0d-b545-4c4a-99c5-a2f5d9a6f3d8` | Low |
+
+### IAM Policies
+
+Identify AWS IAM-related security issues that could affect S3 Bucket and Object security.
+
+| Finding type | FindingTypeID | Severity |
+| --------------------------------------------------------------- | -------------------------------------- | -------- |
+| IAM Account Password Policy Does Not Exist | `e39ee4da-eed5-49d0-95f7-b423884b858c` | Critical |
+| IAM Account Password Policy Doesn't Require Lowercase Letters | `9278444b-0c38-4ed0-8127-f3f25444811c` | High |
+| IAM Account Password Policy Doesn't Require Passwords to Expire | `5be79a96-4570-45cf-8ba3-1abe62802d16` | High |
+| IAM Account Password Policy Doesn't Require Symbols | `dd17afa3-4d4c-49e4-84c3-e829af9fff97` | High |
+| IAM Account Password Policy Doesn't Require Uppercase Letters | `e4976e53-bab5-4276-a1d3-1d85ebfd4d57` | High |
+| IAM Account Password Policy Max Age is greater than 90 days | `4e1092a0-7092-405f-a991-537d8c371440` | High |
+| IAM Account Password Policy Minimum Length is less than 8 | `2a2fa181-7beb-48ba-bc8d-8f1170c6062c` | High |
+| IAM Account Password Policy Re-use Prevention is less than 5 | `a4791a20-373f-44d3-9f6e-e61f1685fe05` | High |
+| IAM Role with Cross-Account Access | `8de72710-b23a-4d94-915e-26ef7249d21e` | High |
+| IAM Access Key Inactive over 90 Days | `37d1adb1-8e37-4708-a849-e06945c60802` | Medium |
+| IAM Access Key Not Rotated over 90 Days | `d2caf571-4c99-4da7-a21c-4384f8cb4e5c` | Medium |
+| IAM User Console Login Inactive Over 90 Days | `82b50a4d-8582-4766-9bad-f41b441bf336` | Medium |
+| IAM User MFA Disabled | `4679563f-5975-4c68-9dbf-896810ec8de9` | Medium |
+| IAM User Password Older Than 90 Days | `c5376384-e4e4-4b2c-af84-12d6740939f0` | Medium |
+| IAM Account Password Policy Doesn't Require Numbers | `15c65813-c7e6-4b22-95b3-b3942c8b8924` | Low |
+
+### Root User Management
+
+Detect security issues related to the use of an IAM Root User, which has the ability to access and configure important settings.
+
+| Finding type | FindingTypeID | Severity |
+| ------------------------------------------------- | -------------------------------------- | -------- |
+| AWS Root User Access Key Used within Last 90 Days | `9d23c002-aece-42b5-b082-2b51fab8d7c1` | Critical |
+| AWS Root User has Access Keys | `1b788d31-ed56-4008-b136-6993f38e4d1c` | Critical |
+| AWS Root User Logged in within Last 90 Days | `e9959d6e-edc9-4ea3-9113-3c30b02a811e` | Critical |
+| AWS Root User MFA Disabled | `19abe0ee-e8bd-4e3b-9ee9-ea5c64fe769c` | Critical |
+
+### Certificates
+
+Catch certificate-related issues and risks to prevent malicious compromise of internal resources.
+
+| Finding type | FindingTypeID | Severity |
+| -------------------------------------- | -------------------------------------- | -------- |
+| ACM Certificate Expired | `30ce0a22-eb3d-457d-bc59-6468f9bb4c4f` | Critical |
+| ACM Certificate Has Domain Wildcard | `d313bc0c-a2fb-41d8-b5a8-ef2704bb5570` | High |
+| ACM Certificate Expires within 30 days | `cd93f2c1-9b07-4e6c-964c-79f3a64d56ac` | Medium |
diff --git a/src/content/docs/cloudflare-one/applications/scan-apps/casb-integrations/index.mdx b/src/content/docs/cloudflare-one/applications/scan-apps/casb-integrations/index.mdx
index e41db01e6e37174..fb7d46a01ec9534 100644
--- a/src/content/docs/cloudflare-one/applications/scan-apps/casb-integrations/index.mdx
+++ b/src/content/docs/cloudflare-one/applications/scan-apps/casb-integrations/index.mdx
@@ -7,6 +7,7 @@ sidebar:
You can integrate the following SaaS applications with Cloudflare CASB:
+- [Amazon Web Services (AWS) S3](/cloudflare-one/applications/scan-apps/casb-integrations/aws-s3/)
- [Atlassian Confluence](/cloudflare-one/applications/scan-apps/casb-integrations/atlassian-confluence/)
- [Atlassian Jira](/cloudflare-one/applications/scan-apps/casb-integrations/atlassian-jira/)
- [Bitbucket Cloud](/cloudflare-one/applications/scan-apps/casb-integrations/bitbucket-cloud/)
diff --git a/src/content/docs/cloudflare-one/applications/scan-apps/index.mdx b/src/content/docs/cloudflare-one/applications/scan-apps/index.mdx
index 7b207964ed9aa60..c935c7974ec4eba 100644
--- a/src/content/docs/cloudflare-one/applications/scan-apps/index.mdx
+++ b/src/content/docs/cloudflare-one/applications/scan-apps/index.mdx
@@ -7,9 +7,10 @@ sidebar:
import { GlossaryTooltip, Render } from "~/components";
-:::note
+:::note[Availability]
+Available for all Zero Trust users.
-Only available on Enterprise plans.
+Free users can configure up to two CASB integrations. You must upgrade to an Enterprise plan to view the details of an individual finding instance.
:::
Cloudflare's API-driven Cloud Access Security Broker (CASB) scans SaaS applications for misconfigurations, unauthorized user activity, shadow IT, and other data security issues that can occur after a user has successfully logged in.