diff --git a/aws/projects/ditd-darhts/s3.md b/aws/projects/ditd-darhts/s3.md new file mode 100644 index 00000000..e24b8046 --- /dev/null +++ b/aws/projects/ditd-darhts/s3.md @@ -0,0 +1,11 @@ +# DARHTS/DAPPS S3 Bucket Data Exchange + +1. per environment (dev, test, ite, uat, qa, stage, prod, needs to be listed) +1. setup 3 buckets: in, clean, quarantine +1. buckets use guardduty s3 +1. in bucket will be accessed from a diff govcloud account (darhts), ideally through a cross account role + * they asked for service account, I want to push back on that +1. after scan, lambda kicks in via event bridge + * if tagged with clean, moved to clean bucket + * if somethign else, move to quarantine +1. so we can get the requirements fully documented
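Review bot: The routing step under "after scan, lambda kicks in via event bridge" is underspecified: "if tagged with clean" does not name the tag key and value the Lambda matches on, so please record the exact tag GuardDuty writes and the value that counts as clean. Sending everything else to quarantine is the right fail-closed default, but the note should state explicitly that an object with no tag, or one whose scan failed or was skipped, also lands in quarantine, and whether the original is deleted from the in bucket after the move. On the cross-account item, it would help to record the decision once it is made (role versus "service account") and to state that the darhts account gets access to the in bucket only, not to clean or quarantine. Smaller points: the environment line has an unclosed parenthesis and reads as a to-do ("needs to be listed"), "somethign" is a typo, and the last item ("so we can get the requirements fully documented") is a sentence fragment rather than a step, so it should be reworded or dropped.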