diff --git a/cmd/examples/aws-signer-image-verification/payload.json b/cmd/examples/aws-signer-image-verification/payload.json
new file mode 100644
index 0000000..bb50586
--- /dev/null
+++ b/cmd/examples/aws-signer-image-verification/payload.json
@@ -0,0 +1,42 @@
+{
+ "containerDefinitions": [
+ {
+ "command": [
+ "/bin/sh -c \"echo ' Amazon ECS Sample App

Amazon ECS Sample App

Congratulations!

Your application is now running on a container in Amazon ECS.

' > /usr/local/apache2/htdocs/index.html && httpd-foreground\""
+ ],
+ "entryPoint": [
+ "sh",
+ "-c"
+ ],
+ "essential": true,
+ "image": "844333597536.dkr.ecr.us-west-2.amazonaws.com/kyverno-demo:v1",
+ "logConfiguration": {
+ "logDriver": "awslogs",
+ "options": {
+ "awslogs-group" : "/ecs/fargate-task-definition",
+ "awslogs-region": "us-east-1",
+ "awslogs-stream-prefix": "ecs"
+ }
+ },
+ "name": "sample-fargate-app",
+ "portMappings": [
+ {
+ "containerPort": 80,
+ "hostPort": 80,
+ "protocol": "tcp"
+ }
+ ]
+ }
+ ],
+ "cpu": "256",
+ "executionRoleArn": "arn:aws:iam::012345678910:role/ecsTaskExecutionRole",
+ "family": "fargate-task-definition",
+ "memory": "512",
+ "networkMode": "awsvpc",
+ "runtimePlatform": {
+ "operatingSystemFamily": "LINUX"
+ },
+ "requiresCompatibilities": [
+ "FARGATE"
+ ]
+}
diff --git a/cmd/examples/aws-signer-image-verification/policy.yaml b/cmd/examples/aws-signer-image-verification/policy.yaml
new file mode 100644
index 0000000..5f26618
--- /dev/null
+++ b/cmd/examples/aws-signer-image-verification/policy.yaml
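Review bot: The sample task definition references `844333597536.dkr.ecr.us-west-2.amazonaws.com/kyverno-demo:v1` by mutable tag, so even after the accompanying policy verifies the image, the tag can be re-pointed between verification and the ECS pull; for an image-verification example it is worth pinning by digest (`"image": "844333597536.dkr.ecr.us-west-2.amazonaws.com/kyverno-demo@sha256:…"`) or at least stating in the example's documentation that the digest returned by verification is what should be deployed. Two consistency points readers will trip over: `awslogs-region` is `us-east-1` while the image lives in `us-west-2`, and `executionRoleArn` is in account `012345678910` while the ECR repository is in `844333597536`, which implies a cross-account pull that presumably needs a repository policy on the ECR side. Both are probably placeholders, but a one-line note in the example's documentation would save a failed deploy.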
@@ -0,0 +1,50 @@
+
+apiVersion: nirmata.io/v1alpha1
+kind: ImageVerificationPolicy
+metadata:
+ name: test
+spec:
+ rules:
+ - name: external-api
+ match:
+ any:
+ - (length(containerDefinitions) > `0`): true
+ context:
+ - name: tlscerts
+ apiCall:
+ urlPath: "/api/v1/namespaces/kyverno-notation-aws/secrets/svc.kyverno-notation-aws.svc.tls-pair"
+ jmesPath: "base64_decode( data.\"tls.crt\" )"
+ imageExtractors:
+ - name: test
+ path: /containerDefinitions/*/image/
+ verify:
+ - imageReferences: ghcr.io/kyverno/test-verify-image*
+ externalService:
+ - apiCall:
+ method: POST
+ data:
+ - key: images
+ value: "{{images}}"
+ - key: imageReferences
+ value:
+ - "844333597536.dkr.ecr.us-west-2.amazonaws.com*"
+ - key: attestations
+ value:
+ - imageReference: "*"
+ type:
+ - name: sbom/example
+ conditions:
+ all:
+ - key: \{{creationInfo.licenseListVersion}}
+ operator: Equals
+ value: "3.17"
+ message: invalid license version
+ service:
+ url: https://svc.kyverno-notation-aws/checkimages
+ caBundle: '{{ tlscerts }}'
+ conditions:
+ - all:
+ - key: "{{ verified }}"
+ operator: Equals
+ value: true
+ message: aws signer verification failed
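Review bot: The verify entry's selector `imageReferences: ghcr.io/kyverno/test-verify-image*` does not cover the image this example actually submits (`844333597536.dkr.ecr.us-west-2.amazonaws.com/kyverno-demo:v1` in payload.json), even though the `data` block sent to the external service names that ECR account; if the controller applies the verify entry only to matching references, the sample image is never posted to `/checkimages`, the `{{ verified }}` condition never runs, and the example passes without verifying anything. Either change the selector to `- imageReferences: "844333597536.dkr.ecr.us-west-2.amazonaws.com/*"` or point the payload at the ghcr image, and add a comment above the rule saying which one the example expects. Separately, the pattern `"844333597536.dkr.ecr.us-west-2.amazonaws.com*"` under `data.imageReferences` has no `/` before the wildcard, so depending on how the service matches it, a registry such as `844333597536.dkr.ecr.us-west-2.amazonaws.com.attacker.example/...` would also match; `"844333597536.dkr.ecr.us-west-2.amazonaws.com/*"` closes that. I would also confirm and document that a missing or non-boolean `verified` in the service response, or an unreachable service, fails the rule rather than skipping it (the condition only asserts equality with `true`), and that reading the `svc.kyverno-notation-aws.svc.tls-pair` Secret for `caBundle` is the only Secret access the controller's RBAC grants, since that `apiCall` appears to run for every evaluated payload.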