diff --git a/cmd/examples/aws-signer-image-verification/payload.json b/cmd/examples/aws-signer-image-verification/payload.json
new file mode 100644
index 0000000..bb50586
--- /dev/null
+++ b/cmd/examples/aws-signer-image-verification/payload.json
@@ -0,0 +1,42 @@
+{
+ "containerDefinitions": [
+ {
+ "command": [
+ "/bin/sh -c \"echo '
Amazon ECS Sample App Amazon ECS Sample App
Congratulations!
Your application is now running on a container in Amazon ECS.
' > /usr/local/apache2/htdocs/index.html && httpd-foreground\""
+ ],
+ "entryPoint": [
+ "sh",
+ "-c"
+ ],
+ "essential": true,
+ "image": "844333597536.dkr.ecr.us-west-2.amazonaws.com/kyverno-demo:v1",
+ "logConfiguration": {
+ "logDriver": "awslogs",
+ "options": {
+ "awslogs-group" : "/ecs/fargate-task-definition",
+ "awslogs-region": "us-east-1",
+ "awslogs-stream-prefix": "ecs"
+ }
+ },
+ "name": "sample-fargate-app",
+ "portMappings": [
+ {
+ "containerPort": 80,
+ "hostPort": 80,
+ "protocol": "tcp"
+ }
+ ]
+ }
+ ],
+ "cpu": "256",
+ "executionRoleArn": "arn:aws:iam::012345678910:role/ecsTaskExecutionRole",
+ "family": "fargate-task-definition",
+ "memory": "512",
+ "networkMode": "awsvpc",
+ "runtimePlatform": {
+ "operatingSystemFamily": "LINUX"
+ },
+ "requiresCompatibilities": [
+ "FARGATE"
+ ]
+}
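Review bot: The sample task definition references the image by a mutable tag, `"image": "844333597536.dkr.ecr.us-west-2.amazonaws.com/kyverno-demo:v1"`, so a signature check only vouches for whatever digest `v1` resolved to at verification time. For an image-verification example it would be safer to pin the digest, e.g. `"image": "844333597536.dkr.ecr.us-west-2.amazonaws.com/kyverno-demo@sha256:<digest-placeholder>"`, or to state in the example's README that the verifier is expected to resolve and pin the digest. Separately, `executionRoleArn` uses the documentation-style account `012345678910` while the image URI carries what looks like a real account ID; using one placeholder account throughout would avoid publishing an account identifier in sample data.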
diff --git a/cmd/examples/aws-signer-image-verification/policy.yaml b/cmd/examples/aws-signer-image-verification/policy.yaml
new file mode 100644
index 0000000..5f26618
--- /dev/null
+++ b/cmd/examples/aws-signer-image-verification/policy.yaml
@@ -0,0 +1,50 @@
+
+apiVersion: nirmata.io/v1alpha1
+kind: ImageVerificationPolicy
+metadata:
+ name: test
+spec:
+ rules:
+ - name: external-api
+ match:
+ any:
+ - (length(containerDefinitions) > `0`): true
+ context:
+ - name: tlscerts
+ apiCall:
+ urlPath: "/api/v1/namespaces/kyverno-notation-aws/secrets/svc.kyverno-notation-aws.svc.tls-pair"
+ jmesPath: "base64_decode( data.\"tls.crt\" )"
+ imageExtractors:
+ - name: test
+ path: /containerDefinitions/*/image/
+ verify:
+ - imageReferences: ghcr.io/kyverno/test-verify-image*
+ externalService:
+ - apiCall:
+ method: POST
+ data:
+ - key: images
+ value: "{{images}}"
+ - key: imageReferences
+ value:
+ - "844333597536.dkr.ecr.us-west-2.amazonaws.com*"
+ - key: attestations
+ value:
+ - imageReference: "*"
+ type:
+ - name: sbom/example
+ conditions:
+ all:
+ - key: \{{creationInfo.licenseListVersion}}
+ operator: Equals
+ value: "3.17"
+ message: invalid license version
+ service:
+ url: https://svc.kyverno-notation-aws/checkimages
+ caBundle: '{{ tlscerts }}'
+ conditions:
+ - all:
+ - key: "{{ verified }}"
+ operator: Equals
+ value: true
+ message: aws signer verification failed
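Review bot: The rule-level `imageReferences: ghcr.io/kyverno/test-verify-image*` in the `verify` entry does not match the image shipped in this example's payload.json (`844333597536.dkr.ecr.us-west-2.amazonaws.com/kyverno-demo:v1`), although the `imageReferences` value posted to the service does use the ECR prefix. If the engine uses the rule-level glob to select which images are verified (not visible in this diff), the sample image would never reach the signer check and the example would show a pass that verified nothing. Suggest `- imageReferences: "844333597536.dkr.ecr.us-west-2.amazonaws.com*"`, quoted like the value under `data`. The final condition also compares the templated string `"{{ verified }}"` with the boolean `true`; a one-line comment such as `# service returns a boolean "verified" field` (to be confirmed against the service) would tell readers whether a type mismatch can make the check fail or pass unexpectedly.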