[Windows] Add checksum verification for AWS SAM CLI (#8316)

images/win/scripts/Installers/Install-AWS.ps1

@@ -1,6 +1,7 @@
 ################################################################################
 ##  File:  Install-AWS.ps1
 ##  Desc:  Install AWS tools(AWS CLI, Session Manager Plugin for the AWS CLI, AWS SAM CLI)
+##  Supply chain security: AWS CLI - managed by package manager, Session Manager Plugin for the AWS CLI - missing, AWS SAM CLI - checksum validation
 ################################################################################
 
 # Install AWS CLI
@@ -13,6 +14,16 @@ Install-Binary -Url $sessionManagerUrl -Name $sessionManagerName -ArgumentList (
 $env:Path = $env:Path + ";$env:ProgramFiles\Amazon\SessionManagerPlugin\bin"
 
 # Install AWS SAM CLI
-Install-Binary -Url "https://github.com/awslabs/aws-sam-cli/releases/latest/download/AWS_SAM_CLI_64_PY3.msi" -Name "AWS_SAM_CLI_64_PY3.msi"
+$packageName = "AWS_SAM_CLI_64_PY3.msi"
+$packageUrl = "https://github.com/awslabs/aws-sam-cli/releases/latest/download/$packageName"
+$packagePath = Start-DownloadWithRetry -Url $packageUrl -Name $packageName
+
+#region Supply chain security - AWS SAM CLI
+$fileHash = (Get-FileHash -Path $packagePath -Algorithm SHA256).Hash
+$externalHash = Get-HashFromGitHubReleaseBody -RepoOwner "awslabs" -RepoName "aws-sam-cli" -FileName $packageName
+Use-ChecksumComparison $fileHash $externalHash
+#endregion
+
+Install-Binary -FilePath $packagePath
 
 Invoke-PesterTests -TestFile "CLI.Tools" -TestName "AWS"