diff --git a/README.md b/README.md
new file mode 100644
index 00000000..ed7051af
--- /dev/null
+++ b/README.md
@@ -0,0 +1,9 @@
+# tf-kyverno
+
+```console
+# create a plan
+terraform plan -out=tf.plan
+
+# show plan in json
+terraform show -json tf.plan > tf.plan.json
+```
\ No newline at end of file
diff --git a/policy.yaml b/policy.yaml
new file mode 100644
index 00000000..d48f8dd0
--- /dev/null
+++ b/policy.yaml
@@ -0,0 +1,16 @@
+apiVersion: tf.kyverno.io/v1
+kind: Policy
+metadata:
+  name: require-label
+spec:
+  rules:
+  - name: require-label
+    match:
+      any:
+      - type: aws_s3_bucket
+    validate:
+      message: 'A team tag is required for all S3 buckets'
+      pattern:
+        values:
+          tags:
+            team: ?*
diff --git a/s3.tf b/s3.tf
new file mode 100644
index 00000000..a52a385a
--- /dev/null
+++ b/s3.tf
@@ -0,0 +1,17 @@
+provider "aws" {
+  region = "eu-west-1"
+  skip_credentials_validation = true
+  skip_requesting_account_id = true
+  skip_metadata_api_check = true
+  access_key = "mock_access_key"
+  secret_key = "mock_secret_key"
+}
+
+resource "aws_s3_bucket" "example" {
+  bucket = "my-tf-test-bucket"
+
+  tags = {
+    Name = "My bucket"
+    Environment = "Dev"
+  }
+}
\ No newline at end of file
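Review bot: The pattern at the end of the policy.yaml hunk, `team: ?*`, is matched case-sensitively, while the only resource in this commit (s3.tf) uses capitalised tag keys (`Name`, `Environment`); a bucket tagged `Team` would still be rejected, which is easy to miss from the current message. If lowercase is intended, make it explicit, e.g. `message: 'A lowercase "team" tag is required for all S3 buckets'`. The rule also inspects `values.tags` only; tags applied through the AWS provider's `default_tags` typically surface in the plan under `tags_all` rather than `tags`, so provider-level tagging would presumably not satisfy this rule — worth a comment such as `# only the resource-level tags block is checked; provider default_tags (tags_all) are not considered`. Finally, the rule is named `require-label` while the message and pattern talk about a tag; naming it `require-team-tag` would match what it enforces.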
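Review bot: The provider block at the top of the s3.tf hunk hard-codes `access_key = "mock_access_key"` and `secret_key = "mock_secret_key"`; together with the three `skip_*` settings they appear to exist only so `terraform plan` can run offline, but nothing in the file says so, and a literal credential pair in a `.tf` file is exactly what secret scanners flag and what tends to get copied into a real provider block later. Add a comment above them, e.g. `# placeholder credentials: this plan is never applied; skip_* disables validation against AWS`, or source them from the environment instead of the file. Note also that `terraform show -json` includes provider configuration values, so whatever sits in these attributes ends up in the tf.plan.json the README produces. Separately, the bucket carries `Name` and `Environment` tags but no `team` tag, so the policy in policy.yaml will reject it; if that is the intended negative example, say so with a comment on the resource.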