I let AI bots read my content, then figured out how to charge them πŸ€–πŸ’Έ A developer at First Step Technology deployed AI Traffic Monetization on AWS to charge AI bots for crawling content, using the API/CLI-only feature after discovering the WAF console lacks the monetize action. The developer also resolved a remote disk unlock issue with dropbear-initramfs by converting SSH keys to the required format. I let AI bots read my content, then figured out how to charge them πŸ€–πŸ’Έ A build-in-public story about AWS, encrypted disks that fight back, and teaching a compliance framework to talk to an AI agent Okay so here's the thing nobody tells you about launching a compliance advisory business: at some point you end up in a terminal at 11pm arguing with a Mac Mini about a LUKS passphrase. This is that story. 🫠 πŸ—οΈ The setup I run First Step Technology, a cybersecurity/compliance advisory shop. I also, apparently, cannot help myself when it comes to "let's just build the infrastructure instead of paying someone else to." So ComplianceFirst.io went from idea to fully live AWS deployment: CloudFront + S3, layered WAF IP reputation, OWASP core rules, known-bad-inputs, Bot Control , least-privilege IAM split between a console admin identity and a scoped CLI deployer. Standard stuff, mostly. Then I found out AWS shipped something wild: AI Traffic Monetization . You can literally charge AI bots β€” GPTBot, ClaudeBot, PerplexityBot, the whole crew β€” for crawling your content. Real USDC settlement via the x402 protocol, through Coinbase's developer platform. I was not going to let that sit unused. πŸ‘€ 🧱 The console doesn't have the button you're looking for Here's a fun one for anyone who's tried this: the AWS WAF console straight up does not expose the Monetize action anywhere in the visual rule builder. Allow, Block, Count, CAPTCHA, Challenge β€” that's it. I spent way too long convinced I was missing a button. Turns out the feature is real, it's just API/CLI-only right now. So instead of clicking, I ended up: aws wafv2 update-web-acl --generate-cli-skeleton skeleton.json grep -A 10 '"Monetize"' skeleton.json …and built the rule directly against the real, live API schema instead of trusting a blog post including mine, going forward β€” always verify against --generate-cli-skeleton , don't trust docs that might be stale . Turns out PriceMultiplier wants a whole number 1-100 as a percentage , not a decimal like I first assumed. AWS's own validation error caught that one for me. πŸ™ { "Name": "monetize-verified-ai-bots", "Statement": { "LabelMatchStatement": { "Scope": "LABEL", "Key": "awswaf:managed:aws:bot-control:bot:category:ai" } }, "Action": { "Monetize": { "PriceMultiplier": "100" } } } Ran it in test mode on Base Sepolia first, obviously. Within a day: 141 real requests from GPTBot, ChatGPT-User, ClaudeBot, Bytespider, Perplexity, Meta's crawler, Cohere. Real companies, real traffic, all correctly labeled and ready to monetize once I flip to mainnet. πŸŽ‰ πŸ” Then the Mac Mini decided to fight me Separate project, same week: standing up a third machine for internal docs + a compliance data pipeline. Full-disk LUKS encryption, because obviously β€” it's going to hold client compliance data eventually. Problem: encrypted disks don't unlock themselves, and this machine is headless. Enter dropbear-initramfs β€” a tiny SSH server that runs before the real OS even boots, so you can unlock the disk remotely instead of walking over with a keyboard every single reboot. I set it up. It "worked." Then it didn't. ssh root@ip β†’ connection refused β†’ dropbear clearly starting on screen β†’ nothing listening. Spent a chunk of time convinced it was a networking issue. It wasn't. The actual bug: dropbear can't read standard OpenSSH-format private keys. It needs its own binary format. My first pass just did a plain cp of the host key β€” which looks like it works, right up until dropbear tries to actually parse it and chokes. sudo dropbearconvert openssh dropbear \ /etc/ssh/ssh host ed25519 key \ /etc/dropbear/initramfs/dropbear ed25519 host key One command. That was it. Also found a sneaky trailing space in /etc/initramfs-tools/initramfs.conf on the DEVICE= line that wasn't helping. Config files really do just sit there quietly wrecking your day. 😀 πŸ“œ Turning a PDF into something an AI agent can actually use The actual point of that machine: a pipeline that pulls real NVD vulnerability data and NIST framework controls, then converts each requirement into structured JSON with plain-English guidance an AI coding assistant can act on. python def generate agent rule control id, framework : pulls the stored control, wraps it with agent-readable guidance, saves to SQLite ... Real output, for real control 3.1.1 of NIST SP 800-171: { "control id": "3.1.1", "requirement": "Limit system access to authorized users...", "agent guidance": "When generating or reviewing code/infrastructure, ensure compliance with control 3.1.1... Flag any implementation that does not satisfy: Limit system access to authorized users..." } Drop that into Claude Projects or a Copilot instructions file, and your AI assistant starts reasoning about compliance gaps while you're writing code , instead of everyone finding out three weeks before an audit. 110 controls done for CMMC Level 2, 15 more for CMMC Level 1 fun fact: that one's not even a NIST framework, it maps to a completely different source, FAR 52.204-21 β€” learned that the hard way when NIST's own catalog search came up empty . Important caveat I'm putting in writing for anyone building something similar: this isn't a scanner. It doesn't background-sweep your repo. It's context that makes your AI's reasoning better informed β€” think "editor with a style guide," not "automated compliance certification." Setting that expectation correctly with clients matters a lot more than the tech itself. 🎯 What I'd tell someone starting this --generate-cli-skeleton before assuming you're wrong cp -ing a key file between two tools that both technically "use SSH keys" is not a safe assumption β€” formats differAnyway. Bots are reading my compliance articles and will soon be paying for the privilege, and my Mac Mini finally unlocks itself like a reasonable adult. Building in public is chaotic but I'm here for it. πŸš€ aws buildinpublic cybersecurity compliance selfhosted linux