AWS WAF now lets digital content owners charge AI bots and agents for access at the network edge. The new AI traffic monetization capability uses per-request pricing by content path, bot category, or verification tier, sends payments via an x402 protocol flow
When AI bots became the quiet majority of web traffic, many publishers kept paying the bill.
AWS says it’s closing that gap with a new feature in AWS WAF: AI traffic monetization. which gives digital content owners and publishers a way to charge AI bots and agents for access to protected web content directly at the network edge. With it. pricing can be set per request by content path. bot category. or verification tier—without modifying origin infrastructure or writing application code.
The company positions the feature as both policy and payment system. Content owners can define granular access rules per agent type, collect payments in stablecoins to their preferred wallet, and monitor revenue and bot activity from a single dashboard.
The push comes as AI traffic has surged. AWS says AI bot traffic now accounts for more than 50% of web traffic for many content providers. and that AI-specific crawlers have grown more than 300% year-over-year. Unlike traditional search engine crawlers. AWS says these AI bots consume content to generate summaries and responses in AI interfaces. with little to no traffic sent back to the original source. Publishers. in turn. bear the infrastructure costs of serving that traffic without the page views. ad impressions. or subscription conversions that typically offset those expenses.
AWS WAF Bot Control already gives customers visibility into bot activity and tools to block or rate-limit traffic. But AWS says setting pricing and collecting payment from AI agents was not possible until now. AI traffic monetization is described as the capability that closes that gap by letting publishers configure pricing rules through the AWS WAF console and collect payments from AI agents through third-party payment integrations—without building custom payment infrastructure or negotiating individual licensing agreements.
Payment settlement and verification flows are provided by Coinbase’s x402 Facilitator. AWS also points to an integration with Stripe for direct account payments, and says support for Machine Payments Protocol (MPP) is coming soon.
Before monetization can be configured. AWS says customers must confirm that AWS WAF Bot Control is enabled at Common or Targeted level on the web ACL associated with their CloudFront distribution. Bot Control is what provides the agent classification monetization rules depend on. If it’s not set up. AWS directs users to documentation on adding the AWS WAF Bot Control managed rule group to a web ACL.
In the AWS Management Console, the setup begins under WAF & Shield, then Protection packs (web ACLs). AWS says the protection pack is the core configuration unit for AI traffic monetization. A protection pack defines which content paths are monetized. what each agent verification tier is charged. which payment methods are accepted. and what license terms apply.
Creating a protection pack involves choosing Create protection pack (web ACL). selecting one or more app categories in “Tell us about your app” (AWS gives examples including Content & publishing systems. E-commerce & transaction platforms. or Enterprise & business applications). and selecting an App focus. AWS says it uses these selections to recommend suitable security protections.
Next comes “Select resources to protect. ” where users associate regional or global resources such as CloudFront distributions with the protection pack. AWS says this step can be skipped and resources can be added later. Then users choose “initial protections” from AWS WAF managed rule packages based on app category and resource selections. or choose individual rules.
After naming and describing the protection pack, users can optionally expand Customize protection pack (web ACL) to configure additional settings including pricing tiers, payment methods, content scope, and license terms.
Once the protection pack exists, AWS advises reviewing the AI traffic analysis dashboard before setting pricing. In the WAF & Shield console, users go to AI traffic analysis and select the protection pack from a dropdown. The dashboard breaks traffic into four categories in the bot traffic overview panel: All bot requests. AI bot requests. Verified AI bot traffic. and Unverified AI bot traffic.
AWS says the dashboard also surfaces infrastructure impact metrics, including bandwidth consumed, estimated monthly cost, and peak request rates. It includes a per-path heatmap showing which content paths receive the most AI bot activity by hour.
For classification, AWS says AWS WAF Bot Control covers over 650 distinct AI bot and agent types, including GPTBot, Claude-Web, and Perplexity-Bot. Each agent is assigned a verification tier.
Verified agents are identified either through Web Bot Auth (WBA) Ed25519 cryptographic signatures. or from a documented IP range with a known set of user-agents and domain names. Unverified agents are recognized through user-agent matching, behavioral fingerprinting, and IP reputation, but identity is not cryptographically confirmed.
After reviewing traffic patterns. users return to Protection packs (web ACLs). select the protection pack. and choose Configure AI monetization from the right panel. AWS says the configuration ties together pricing. agent policies. accepted payment methods. and license terms for a defined set of content paths. Users can create multiple protection packs and apply different pricing to different content zones within the same distribution. After creation. the protection pack must be associated with the web ACL by opening the web ACL and choosing Add protection pack.
Within each pack. AWS says each agent verification tier can be assigned one of six actions: Monetize (return a 402 with pricing). Allow (grant free access). Block (deny access entirely). Count (log without charging). CAPTCHA (present a puzzle to verify a human sender). or Challenge (run a silent check to verify the client is a browser. not a bot).
On the “Edit monetization configuration” page, settlement settings center on stablecoins. Under Payment settlement, users select one or more blockchain networks for stablecoin payments. AWS says any wallet address on supported networks is accepted. whether self-managed or hosted by a wallet provider such as Coinbase. For each network, users provide a wallet address and set a Base price per page in USDC. Users can add multiple networks using Add network.
AWS says it does not process payments or take a fee on content revenue; disbursement is self-managed or managed by the wallet provider.
When a Monetize rule matches an incoming request, AWS WAF returns an HTTP 402 Payment Required response. The response body contains a machine-readable price manifest in JSON format using the x402 open protocol for machine-to-machine payments. AWS says the manifest includes the content price in USDC. accepted blockchain networks such as Base and Solana. the destination wallet address. the maximum payment timeout. and the payment scheme.
AWS WAF says any x402-compatible agent runtime can complete the flow autonomously. The client submits a signed payment authorization on their payment network of choice. AWS WAF verifies it. fetches the content. integrates with third-party facilitator services for settling the payment on-chain. and serves the response.
There is one important limitation: AWS says Monetize is supported exclusively for web ACLs associated with Amazon CloudFront distributions, and that adding a Monetize rule to a regional web ACL is not supported.
AWS also builds in a test path. The Currency mode toggle is available directly in the monetization configuration page. allowing switching between Real and Test mode at any time. AWS says test mode still enforces x402 payments. but those payments can be made on testnets such as Base Sepolia or Solana Devnet using test funds obtained from faucets such as faucet.circle.com.
To activate test mode, AWS says users toggle Currency mode to Test in the protection pack configuration. AWS WAF returns real price manifests and runs the full payment flow identically to production on the configured test chain. and it logs events with CurrencyMode: TEST. Once configuration is satisfied, users toggle Currency mode back to Real to begin processing real payments.
After switching to Real currency mode, AWS says users can track monetization outcomes in real time under AI access monetization in the left navigation pane. It adds that the AI access monetization dashboard reflects only activity from real currency mode and does not display test transactions.
From there, AWS describes a set of dashboards. The Revenue dashboard shows Total revenue, revenue broken down by Verified bots and Unverified bots, and Avg. per request. A “Top revenue sources” panel groups earnings by bot category. and an “AI access patterns” panel ranks content paths by revenue generated. The Settlements tab is used to reconcile payments by provider, review payment method distribution, and check for failed payment attempts.
The feature is available now for Amazon CloudFront customers. AWS says there is no additional charge beyond standard AWS WAF pricing, and that it’s available in all edge locations where AWS WAF web ACLs are associated with Amazon CloudFront distributions.
For documentation, AWS directs users to the AWS WAF Developer Guide.
In a system where AI bots can consume content with little to no measurable traffic back to publishers. the question has always been who pays for the access. With AI traffic monetization. AWS is betting publishers will want a way to turn that access into payment—without giving up the edge-level control that originally helped manage traffic in the first place.
AWS WAF AI traffic monetization CloudFront bot control x402 stablecoins USDC monetization Verified AI bots unverified AI bots Coinbase x402 Facilitator Stripe integration Machine Payments Protocol MPP