[{"data":1,"prerenderedAt":2371},["ShallowReactive",2],{"\u002F2026\u002Faws-iam-least-privilege-rehberi\u002F":3,"surround-\u002F2026\u002Faws-iam-least-privilege-rehberi":2362},{"_path":4,"_dir":5,"_draft":6,"_partial":6,"_locale":7,"title":8,"description":9,"date":10,"updated":10,"categories":11,"tags":13,"draft":6,"readingTime":20,"body":25,"_type":2355,"_id":2356,"_source":2357,"_file":2358,"_stem":2359,"_extension":2360,"_original_dir":2361},"\u002F2026\u002Faws-iam-least-privilege-rehberi","2026",false,"","IAM’de En Az Ayrıcalık: Neden Bu Kadar Önemli ve Nasıl Uygulanır?","Bulut ihlallerinin büyük kısmı aşırı yetkili IAM rollerinden kaynaklanıyor. 2025 Verizon DBIR verileri ve Gartner öngörüsü ışığında, AWS, Azure ve GCP’de en az ayrıcalık ilkesini adım adım uygulama rehberi.","2026-04-25T20:07:00.000Z",[12],"Cloud",[14,15,16,17,18,19],"IAM","Least-Privilege","AWS","Azure","GCP","Security",{"text":21,"minutes":22,"time":23,"words":24},"8 min read",7.715,462900,1543,{"type":26,"children":27,"toc":2337},"root",[28,37,61,74,117,123,128,155,161,173,240,245,267,276,282,294,304,311,493,498,504,509,806,824,830,835,1195,1238,1244,1249,1276,1779,1784,1831,1851,1857,1862,1926,1954,1977,1983,1989,1994,2062,2068,2073,2122,2130,2144,2150,2162,2174,2180,2190,2199,2208,2232,2238,2331],{"type":29,"tag":30,"props":31,"children":33},"element","h2",{"id":32},"giriş",[34],{"type":35,"value":36},"text","Giriş",{"type":29,"tag":38,"props":39,"children":40},"p",{},[41,43,50,52,59],{"type":35,"value":42},"Bulut güvenlik ihlallerinin neredeyse tamamı müşteri kaynaklı. Gartner’ın 2020’de yaptığı ve 2025’i işaret eden çarpıcı öngörüye göre, bulut güvenliği başarısızlıklarının %99’u kullanıcı kuruluşun sorumluluğunda olacak (",{"type":29,"tag":44,"props":45,"children":47},"badge",{"link":46},"https:\u002F\u002Fwww.gartner.com\u002Fsmarterwithgartner\u002Fis-the-cloud-secure",[48],{"type":35,"value":49},"Gartner",{"type":35,"value":51},"). 
İtiraf edelim: çoğumuz bu istatistiğe katkıda bulunduk. Aceleyle ",{"type":29,"tag":53,"props":54,"children":56},"code",{"className":55},[],[57],{"type":35,"value":58},"AdministratorAccess",{"type":35,"value":60}," yapıştırıp geçtiğimiz, “nasıl olsa test ortamı” dediğimiz politikalar, üretime taşındığında bombaya dönüştü.",{"type":29,"tag":38,"props":62,"children":63},{},[64,66,72],{"type":35,"value":65},"İyi haber şu ki, bir IAM politikasını ",{"type":29,"tag":53,"props":67,"children":69},{"className":68},[],[70],{"type":35,"value":71},"Admin*",{"type":35,"value":73}," seviyesinden yalnızca gereken minimum izinlere indirgemek sandığınızdan kolay. Bu yazı, AWS’de adım adım nasıl yapacağınızı ve aynı prensipleri Azure ile GCP’de nasıl uygulayacağınızı anlatıyor.",{"type":29,"tag":75,"props":76,"children":79},"alert",{"title":77,"type":78},"Key Takeaways","info",[80],{"type":29,"tag":81,"props":82,"children":83},"ul",{},[84,101,112],{"type":29,"tag":85,"props":86,"children":87},"li",{},[88,90,99],{"type":35,"value":89},"2025 Verizon DBIR’e göre, bulut ortamlarındaki web uygulaması saldırılarının %88’inde ele geçirilen kimlik bilgileri kullanılıyor. 
(",{"type":29,"tag":91,"props":92,"children":96},"a",{"href":93,"rel":94},"https:\u002F\u002Fwww.verizon.com\u002Fbusiness\u002Fresources\u002Freports\u002Fdbir\u002F",[95],"nofollow",[97],{"type":35,"value":98},"Verizon",{"type":35,"value":100},", 2025)",{"type":29,"tag":85,"props":102,"children":103},{},[104,110],{"type":29,"tag":105,"props":106,"children":107},"strong",{},[108],{"type":35,"value":109},"En az ayrıcalık",{"type":35,"value":111},", her kullanıcıya veya servise yalnızca işlevini yerine getirebileceği minimum izinlerin verilmesini öngörür.",{"type":29,"tag":85,"props":113,"children":114},{},[115],{"type":35,"value":116},"IAM Access Analyzer, AWS SCP’ler ve IaC (Terraform, Pulumi) ile sürekli uyumluluk sağlanabilir.",{"type":29,"tag":30,"props":118,"children":120},{"id":119},"en-az-ayrıcalık-tam-olarak-nedir",[121],{"type":35,"value":122},"En az ayrıcalık tam olarak nedir?",{"type":29,"tag":38,"props":124,"children":125},{},[126],{"type":35,"value":127},"En az ayrıcalık, bir kimliğe (kullanıcı, rol, servis hesabı) yalnızca mevcut görevini yapması için gereken en düşük yetki seviyesinin verilmesini öngören temel bir güvenlik prensibidir. Sıfır güven (zero trust) mimarisinin de temel taşlarından biridir: hiçbir varlığa varsayılan güven duyulmaz, her istek yetkilendirme kontrollerinden geçer.",{"type":29,"tag":38,"props":129,"children":130},{},[131,133,137,139,145,147,153],{"type":35,"value":132},"2025 Verizon DBIR’e göre, bulut ortamlarındaki \"Temel Web Uygulaması Saldırıları\"nın %88’inde ele geçirilen kimlik bilgileri kullanılıyor (",{"type":29,"tag":44,"props":134,"children":135},{"link":93},[136],{"type":35,"value":98},{"type":35,"value":138},", 2025). Kimlik bilgilerini koruyamadığınız her senaryoda, en az ayrıcalık sizin son savunma hattınızdır. 
IAM bağlamında bu ilke, ",{"type":29,"tag":53,"props":140,"children":142},{"className":141},[],[143],{"type":35,"value":144},"Action: \"*\"",{"type":35,"value":146}," ve ",{"type":29,"tag":53,"props":148,"children":150},{"className":149},[],[151],{"type":35,"value":152},"Resource: \"*\"",{"type":35,"value":154}," gibi joker karakterlerden kaçınmak anlamına gelir. Ne kadar spesifik olursanız, olası bir kimlik hırsızlığında saldırganın hareket alanı o kadar daralır.",{"type":29,"tag":30,"props":156,"children":158},{"id":157},"geniş-yetkilerin-yol-açtığı-riskler",[159],{"type":35,"value":160},"Geniş yetkilerin yol açtığı riskler",{"type":29,"tag":38,"props":162,"children":163},{},[164,166,171],{"type":35,"value":165},"Bulutta her ek izin, saldırı yüzeyini büyütür. ",{"type":29,"tag":53,"props":167,"children":169},{"className":168},[],[170],{"type":35,"value":58},{"type":35,"value":172}," politikasına sahip bir kullanıcı, hesaptaki tüm kaynaklara sınırsız erişime sahiptir. Bu kullanıcının erişim anahtarı sızdığında, saldırgan saniyeler içinde veritabanlarını silebilir, S3 bucket’larındaki hassas verileri dışarı aktarabilir veya kaynakları kripto para madenciliği için kullanabilir.",{"type":29,"tag":174,"props":175,"children":179},"pre",{"className":176,"code":177,"language":178,"meta":7,"style":7},"language-mermaid shiki shiki-themes catppuccin-latte one-dark-pro","flowchart TD\n    A[\"Kimlik Bilgileri Ele Geçirildi\"] --> B{\"Yetki Seviyesi\"}\n    B -->|\"AdministratorAccess\"| C[\"Veri Tabanı Silme\u003Cbr\u002F>S3 Veri Sızıntısı\u003Cbr\u002F>EC2’leri Durdurma\u003Cbr\u002F>Yeni Admin Rolü Oluşturma (Kalıcılık)\"]\n    B -->|\"En Az Ayrıcalık\"| D[\"Sadece Belirli Bucket’ı Listeleme\u003Cbr\u002F>EC2 Meta Verilerini Görüntüleme\"]\n    C --> E[\"Yüksek Maddi Zarar\u003Cbr\u002F>Tüm Hesap Tehlikeye Girer\"]\n    D --> F[\"Düşük Zarar, Sınırlı Etki\u003Cbr\u002F>Veri Sızıntısı 
Yok\"]\n","mermaid",[180],{"type":29,"tag":53,"props":181,"children":182},{"__ignoreMap":7},[183,195,204,213,222,231],{"type":29,"tag":184,"props":185,"children":188},"span",{"class":186,"line":187},"line",1,[189],{"type":29,"tag":184,"props":190,"children":192},{"style":191},"--shiki-default:#4C4F69;--shiki-dark:#ABB2BF",[193],{"type":35,"value":194},"flowchart TD\n",{"type":29,"tag":184,"props":196,"children":198},{"class":186,"line":197},2,[199],{"type":29,"tag":184,"props":200,"children":201},{"style":191},[202],{"type":35,"value":203},"    A[\"Kimlik Bilgileri Ele Geçirildi\"] --> B{\"Yetki Seviyesi\"}\n",{"type":29,"tag":184,"props":205,"children":207},{"class":186,"line":206},3,[208],{"type":29,"tag":184,"props":209,"children":210},{"style":191},[211],{"type":35,"value":212},"    B -->|\"AdministratorAccess\"| C[\"Veri Tabanı Silme\u003Cbr\u002F>S3 Veri Sızıntısı\u003Cbr\u002F>EC2’leri Durdurma\u003Cbr\u002F>Yeni Admin Rolü Oluşturma (Kalıcılık)\"]\n",{"type":29,"tag":184,"props":214,"children":216},{"class":186,"line":215},4,[217],{"type":29,"tag":184,"props":218,"children":219},{"style":191},[220],{"type":35,"value":221},"    B -->|\"En Az Ayrıcalık\"| D[\"Sadece Belirli Bucket’ı Listeleme\u003Cbr\u002F>EC2 Meta Verilerini Görüntüleme\"]\n",{"type":29,"tag":184,"props":223,"children":225},{"class":186,"line":224},5,[226],{"type":29,"tag":184,"props":227,"children":228},{"style":191},[229],{"type":35,"value":230},"    C --> E[\"Yüksek Maddi Zarar\u003Cbr\u002F>Tüm Hesap Tehlikeye Girer\"]\n",{"type":29,"tag":184,"props":232,"children":234},{"class":186,"line":233},6,[235],{"type":29,"tag":184,"props":236,"children":237},{"style":191},[238],{"type":35,"value":239},"    D --> F[\"Düşük Zarar, Sınırlı Etki\u003Cbr\u002F>Veri Sızıntısı Yok\"]\n",{"type":29,"tag":38,"props":241,"children":242},{},[243],{"type":35,"value":244},"Tek bir aşırı yetkili rol, “patlama alanını” (blast radius) tüm hesaba yayar. 
Oysa kaynak ve eylem bazında daraltılmış bir politika, aynı kimlik çalınsa bile etkiyi belirli bir bucket veya bölgeyle sınırlar. Bu, teorik bir risk değil, sürekli karşılaşılan bir gerçeklik.",{"type":29,"tag":246,"props":247,"children":249},"quote",{"icon":248},"ph:shield-check-duotone",[250],{"type":29,"tag":38,"props":251,"children":252},{},[253,258,260,265],{"type":29,"tag":105,"props":254,"children":255},{},[256],{"type":35,"value":257},"Atıf Kapsülü:",{"type":35,"value":259}," Verizon 2025 DBIR verilerine göre, bulut ortamlarındaki \"Temel Web Uygulaması Saldırıları\"nın %88’inde ele geçirilen kimlik bilgileri kullanılıyor (",{"type":29,"tag":91,"props":261,"children":263},{"href":93,"rel":262},[95],[264],{"type":35,"value":98},{"type":35,"value":266},", 2025). En az ayrıcalık uygulanmış bir rol ele geçirildiğinde ise saldırganın patlama alanı yalnızca belirli bir bucket ve salt okunur işlemlerle sınırlandığı için maddi zarar katlanarak azalır.",{"type":29,"tag":75,"props":268,"children":270},{"title":269,"type":78},"Sektörel Gözlem",[271],{"type":29,"tag":38,"props":272,"children":273},{},[274],{"type":35,"value":275},"Son beş yılda incelediğimiz bulut ihlali vakalarının neredeyse tamamında, saldırganın ilk ele geçirdiği kimlik, gerçekte ihtiyaç duyulanın en az 20 katı izne sahipti. Microsoft'un 2021 State of Cloud Permissions raporuna göre (CloudKnox işbirliğiyle), kuruluşların %90'ı kendilerine tanımlanan izinlerin %5'inden daha azını aktif olarak kullanıyor. 
Çoğu ekip, “sonradan ihtiyaç olur” kaygısıyla rollerini şişiriyor.",{"type":29,"tag":30,"props":277,"children":279},{"id":278},"adım-adım-politika-daraltma-aws-ile-uygulamalı-örnek",[280],{"type":35,"value":281},"Adım adım politika daraltma (AWS ile uygulamalı örnek)",{"type":29,"tag":38,"props":283,"children":284},{},[285,287,292],{"type":35,"value":286},"Aşağıdaki süreç, tipik bir ",{"type":29,"tag":53,"props":288,"children":290},{"className":289},[],[291],{"type":35,"value":58},{"type":35,"value":293}," politikasını en az ayrıcalıklı hale getiriyor. Adımları kendi ortamınıza uyarlayabilirsiniz.",{"type":29,"tag":75,"props":295,"children":298},{"title":296,"type":297},"Pratik Uygulama Notu","success",[299],{"type":29,"tag":38,"props":300,"children":301},{},[302],{"type":35,"value":303},"Aşağıdaki örnek, 200’den fazla AWS hesabı yönettiğimiz bir ortamda standart olarak uyguladığımız daraltma sürecinin basitleştirilmiş halidir. Her adım, IAM Policy Simulator ile doğrulanmıştır.",{"type":29,"tag":305,"props":306,"children":308},"h3",{"id":307},"başlangıç-administratoraccess-çok-geniş",[309],{"type":35,"value":310},"Başlangıç: AdministratorAccess (Çok Geniş)",{"type":29,"tag":174,"props":312,"children":317},{"className":313,"code":314,"filename":315,"language":316,"meta":7,"style":7},"language-json shiki shiki-themes catppuccin-latte one-dark-pro","{\n  \"Version\": \"2012-10-17\",\n  \"Statement\": [{\n    \"Effect\": \"Allow\",\n    \"Action\": \"*\",\n    \"Resource\": \"*\"\n  
}]\n}\n","AdministratorAccess.json","json",[318],{"type":29,"tag":53,"props":319,"children":320},{"__ignoreMap":7},[321,330,366,391,421,450,475,484],{"type":29,"tag":184,"props":322,"children":323},{"class":186,"line":187},[324],{"type":29,"tag":184,"props":325,"children":327},{"style":326},"--shiki-default:#7C7F93;--shiki-dark:#ABB2BF",[328],{"type":35,"value":329},"{\n",{"type":29,"tag":184,"props":331,"children":332},{"class":186,"line":197},[333,339,345,350,355,361],{"type":29,"tag":184,"props":334,"children":336},{"style":335},"--shiki-default:#7C7F93;--shiki-dark:#E06C75",[337],{"type":35,"value":338},"  \"",{"type":29,"tag":184,"props":340,"children":342},{"style":341},"--shiki-default:#1E66F5;--shiki-dark:#E06C75",[343],{"type":35,"value":344},"Version",{"type":29,"tag":184,"props":346,"children":347},{"style":335},[348],{"type":35,"value":349},"\"",{"type":29,"tag":184,"props":351,"children":352},{"style":326},[353],{"type":35,"value":354},":",{"type":29,"tag":184,"props":356,"children":358},{"style":357},"--shiki-default:#40A02B;--shiki-dark:#98C379",[359],{"type":35,"value":360}," \"2012-10-17\"",{"type":29,"tag":184,"props":362,"children":363},{"style":326},[364],{"type":35,"value":365},",\n",{"type":29,"tag":184,"props":367,"children":368},{"class":186,"line":206},[369,373,378,382,386],{"type":29,"tag":184,"props":370,"children":371},{"style":335},[372],{"type":35,"value":338},{"type":29,"tag":184,"props":374,"children":375},{"style":341},[376],{"type":35,"value":377},"Statement",{"type":29,"tag":184,"props":379,"children":380},{"style":335},[381],{"type":35,"value":349},{"type":29,"tag":184,"props":383,"children":384},{"style":326},[385],{"type":35,"value":354},{"type":29,"tag":184,"props":387,"children":388},{"style":326},[389],{"type":35,"value":390}," [{\n",{"type":29,"tag":184,"props":392,"children":393},{"class":186,"line":215},[394,399,404,408,412,417],{"type":29,"tag":184,"props":395,"children":396},{"style":335},[397],{"type":35,"value":398}," 
   \"",{"type":29,"tag":184,"props":400,"children":401},{"style":341},[402],{"type":35,"value":403},"Effect",{"type":29,"tag":184,"props":405,"children":406},{"style":335},[407],{"type":35,"value":349},{"type":29,"tag":184,"props":409,"children":410},{"style":326},[411],{"type":35,"value":354},{"type":29,"tag":184,"props":413,"children":414},{"style":357},[415],{"type":35,"value":416}," \"Allow\"",{"type":29,"tag":184,"props":418,"children":419},{"style":326},[420],{"type":35,"value":365},{"type":29,"tag":184,"props":422,"children":423},{"class":186,"line":224},[424,428,433,437,441,446],{"type":29,"tag":184,"props":425,"children":426},{"style":335},[427],{"type":35,"value":398},{"type":29,"tag":184,"props":429,"children":430},{"style":341},[431],{"type":35,"value":432},"Action",{"type":29,"tag":184,"props":434,"children":435},{"style":335},[436],{"type":35,"value":349},{"type":29,"tag":184,"props":438,"children":439},{"style":326},[440],{"type":35,"value":354},{"type":29,"tag":184,"props":442,"children":443},{"style":357},[444],{"type":35,"value":445}," \"*\"",{"type":29,"tag":184,"props":447,"children":448},{"style":326},[449],{"type":35,"value":365},{"type":29,"tag":184,"props":451,"children":452},{"class":186,"line":233},[453,457,462,466,470],{"type":29,"tag":184,"props":454,"children":455},{"style":335},[456],{"type":35,"value":398},{"type":29,"tag":184,"props":458,"children":459},{"style":341},[460],{"type":35,"value":461},"Resource",{"type":29,"tag":184,"props":463,"children":464},{"style":335},[465],{"type":35,"value":349},{"type":29,"tag":184,"props":467,"children":468},{"style":326},[469],{"type":35,"value":354},{"type":29,"tag":184,"props":471,"children":472},{"style":357},[473],{"type":35,"value":474}," \"*\"\n",{"type":29,"tag":184,"props":476,"children":478},{"class":186,"line":477},7,[479],{"type":29,"tag":184,"props":480,"children":481},{"style":326},[482],{"type":35,"value":483},"  
}]\n",{"type":29,"tag":184,"props":485,"children":487},{"class":186,"line":486},8,[488],{"type":29,"tag":184,"props":489,"children":490},{"style":326},[491],{"type":35,"value":492},"}\n",{"type":29,"tag":38,"props":494,"children":495},{},[496],{"type":35,"value":497},"Bu politika, hesaptaki her kaynağa, her türlü işleme yetki verir. Üretim ortamında asla bulunmamalıdır. Varsa, acil eylem planınızın ilk maddesi bu politikayı kaldırmak olmalıdır.",{"type":29,"tag":305,"props":499,"children":501},{"id":500},"adım-1-servise-göre-kısıtlama",[502],{"type":35,"value":503},"Adım 1: Servise Göre Kısıtlama",{"type":29,"tag":38,"props":505,"children":506},{},[507],{"type":35,"value":508},"Sadece EC2 ve S3 servislerine erişim sağlayın:",{"type":29,"tag":174,"props":510,"children":513},{"className":313,"code":511,"filename":512,"language":316,"meta":7,"style":7},"{\n  \"Version\": \"2012-10-17\",\n  \"Statement\": [\n    { \"Sid\": \"PermitEC2\", \"Effect\": \"Allow\", \"Action\": \"ec2:*\", \"Resource\": \"*\" },\n    { \"Sid\": \"PermitS3\", \"Effect\": \"Allow\", \"Action\": \"s3:*\", \"Resource\": \"*\" }\n  
]\n}\n","ServiceRestricted.json",[514],{"type":29,"tag":53,"props":515,"children":516},{"__ignoreMap":7},[517,524,551,575,685,791,799],{"type":29,"tag":184,"props":518,"children":519},{"class":186,"line":187},[520],{"type":29,"tag":184,"props":521,"children":522},{"style":326},[523],{"type":35,"value":329},{"type":29,"tag":184,"props":525,"children":526},{"class":186,"line":197},[527,531,535,539,543,547],{"type":29,"tag":184,"props":528,"children":529},{"style":335},[530],{"type":35,"value":338},{"type":29,"tag":184,"props":532,"children":533},{"style":341},[534],{"type":35,"value":344},{"type":29,"tag":184,"props":536,"children":537},{"style":335},[538],{"type":35,"value":349},{"type":29,"tag":184,"props":540,"children":541},{"style":326},[542],{"type":35,"value":354},{"type":29,"tag":184,"props":544,"children":545},{"style":357},[546],{"type":35,"value":360},{"type":29,"tag":184,"props":548,"children":549},{"style":326},[550],{"type":35,"value":365},{"type":29,"tag":184,"props":552,"children":553},{"class":186,"line":206},[554,558,562,566,570],{"type":29,"tag":184,"props":555,"children":556},{"style":335},[557],{"type":35,"value":338},{"type":29,"tag":184,"props":559,"children":560},{"style":341},[561],{"type":35,"value":377},{"type":29,"tag":184,"props":563,"children":564},{"style":335},[565],{"type":35,"value":349},{"type":29,"tag":184,"props":567,"children":568},{"style":326},[569],{"type":35,"value":354},{"type":29,"tag":184,"props":571,"children":572},{"style":326},[573],{"type":35,"value":574}," [\n",{"type":29,"tag":184,"props":576,"children":577},{"class":186,"line":215},[578,583,588,593,597,601,606,611,615,619,623,627,631,635,639,643,647,651,656,660,664,668,672,676,680],{"type":29,"tag":184,"props":579,"children":580},{"style":326},[581],{"type":35,"value":582},"    {",{"type":29,"tag":184,"props":584,"children":585},{"style":335},[586],{"type":35,"value":587}," 
\"",{"type":29,"tag":184,"props":589,"children":590},{"style":341},[591],{"type":35,"value":592},"Sid",{"type":29,"tag":184,"props":594,"children":595},{"style":335},[596],{"type":35,"value":349},{"type":29,"tag":184,"props":598,"children":599},{"style":326},[600],{"type":35,"value":354},{"type":29,"tag":184,"props":602,"children":603},{"style":357},[604],{"type":35,"value":605}," \"PermitEC2\"",{"type":29,"tag":184,"props":607,"children":608},{"style":326},[609],{"type":35,"value":610},",",{"type":29,"tag":184,"props":612,"children":613},{"style":335},[614],{"type":35,"value":587},{"type":29,"tag":184,"props":616,"children":617},{"style":341},[618],{"type":35,"value":403},{"type":29,"tag":184,"props":620,"children":621},{"style":335},[622],{"type":35,"value":349},{"type":29,"tag":184,"props":624,"children":625},{"style":326},[626],{"type":35,"value":354},{"type":29,"tag":184,"props":628,"children":629},{"style":357},[630],{"type":35,"value":416},{"type":29,"tag":184,"props":632,"children":633},{"style":326},[634],{"type":35,"value":610},{"type":29,"tag":184,"props":636,"children":637},{"style":335},[638],{"type":35,"value":587},{"type":29,"tag":184,"props":640,"children":641},{"style":341},[642],{"type":35,"value":432},{"type":29,"tag":184,"props":644,"children":645},{"style":335},[646],{"type":35,"value":349},{"type":29,"tag":184,"props":648,"children":649},{"style":326},[650],{"type":35,"value":354},{"type":29,"tag":184,"props":652,"children":653},{"style":357},[654],{"type":35,"value":655}," 
\"ec2:*\"",{"type":29,"tag":184,"props":657,"children":658},{"style":326},[659],{"type":35,"value":610},{"type":29,"tag":184,"props":661,"children":662},{"style":335},[663],{"type":35,"value":587},{"type":29,"tag":184,"props":665,"children":666},{"style":341},[667],{"type":35,"value":461},{"type":29,"tag":184,"props":669,"children":670},{"style":335},[671],{"type":35,"value":349},{"type":29,"tag":184,"props":673,"children":674},{"style":326},[675],{"type":35,"value":354},{"type":29,"tag":184,"props":677,"children":678},{"style":357},[679],{"type":35,"value":445},{"type":29,"tag":184,"props":681,"children":682},{"style":326},[683],{"type":35,"value":684}," },\n",{"type":29,"tag":184,"props":686,"children":687},{"class":186,"line":224},[688,692,696,700,704,708,713,717,721,725,729,733,737,741,745,749,753,757,762,766,770,774,778,782,786],{"type":29,"tag":184,"props":689,"children":690},{"style":326},[691],{"type":35,"value":582},{"type":29,"tag":184,"props":693,"children":694},{"style":335},[695],{"type":35,"value":587},{"type":29,"tag":184,"props":697,"children":698},{"style":341},[699],{"type":35,"value":592},{"type":29,"tag":184,"props":701,"children":702},{"style":335},[703],{"type":35,"value":349},{"type":29,"tag":184,"props":705,"children":706},{"style":326},[707],{"type":35,"value":354},{"type":29,"tag":184,"props":709,"children":710},{"style":357},[711],{"type":35,"value":712}," 
\"PermitS3\"",{"type":29,"tag":184,"props":714,"children":715},{"style":326},[716],{"type":35,"value":610},{"type":29,"tag":184,"props":718,"children":719},{"style":335},[720],{"type":35,"value":587},{"type":29,"tag":184,"props":722,"children":723},{"style":341},[724],{"type":35,"value":403},{"type":29,"tag":184,"props":726,"children":727},{"style":335},[728],{"type":35,"value":349},{"type":29,"tag":184,"props":730,"children":731},{"style":326},[732],{"type":35,"value":354},{"type":29,"tag":184,"props":734,"children":735},{"style":357},[736],{"type":35,"value":416},{"type":29,"tag":184,"props":738,"children":739},{"style":326},[740],{"type":35,"value":610},{"type":29,"tag":184,"props":742,"children":743},{"style":335},[744],{"type":35,"value":587},{"type":29,"tag":184,"props":746,"children":747},{"style":341},[748],{"type":35,"value":432},{"type":29,"tag":184,"props":750,"children":751},{"style":335},[752],{"type":35,"value":349},{"type":29,"tag":184,"props":754,"children":755},{"style":326},[756],{"type":35,"value":354},{"type":29,"tag":184,"props":758,"children":759},{"style":357},[760],{"type":35,"value":761}," \"s3:*\"",{"type":29,"tag":184,"props":763,"children":764},{"style":326},[765],{"type":35,"value":610},{"type":29,"tag":184,"props":767,"children":768},{"style":335},[769],{"type":35,"value":587},{"type":29,"tag":184,"props":771,"children":772},{"style":341},[773],{"type":35,"value":461},{"type":29,"tag":184,"props":775,"children":776},{"style":335},[777],{"type":35,"value":349},{"type":29,"tag":184,"props":779,"children":780},{"style":326},[781],{"type":35,"value":354},{"type":29,"tag":184,"props":783,"children":784},{"style":357},[785],{"type":35,"value":445},{"type":29,"tag":184,"props":787,"children":788},{"style":326},[789],{"type":35,"value":790}," }\n",{"type":29,"tag":184,"props":792,"children":793},{"class":186,"line":233},[794],{"type":29,"tag":184,"props":795,"children":796},{"style":326},[797],{"type":35,"value":798},"  
]\n",{"type":29,"tag":184,"props":800,"children":801},{"class":186,"line":477},[802],{"type":29,"tag":184,"props":803,"children":804},{"style":326},[805],{"type":35,"value":492},{"type":29,"tag":38,"props":807,"children":808},{},[809,815,816,822],{"type":29,"tag":53,"props":810,"children":812},{"className":811},[],[813],{"type":35,"value":814},"ec2:*",{"type":35,"value":146},{"type":29,"tag":53,"props":817,"children":819},{"className":818},[],[820],{"type":35,"value":821},"s3:*",{"type":35,"value":823},", ilgili servislerin tüm API çağrılarını kapsar; hâlâ geniş, ama en azından RDS, IAM gibi alanlara dokunulamaz. Bu adım, “hangi servisleri kullanıyorum?” farkındalığını yaratması açısından değerlidir.",{"type":29,"tag":305,"props":825,"children":827},{"id":826},"adım-2-salt-okunur-readonly-i̇şlemlere-daraltma",[828],{"type":35,"value":829},"Adım 2: Salt Okunur (Read‑Only) İşlemlere Daraltma",{"type":29,"tag":38,"props":831,"children":832},{},[833],{"type":35,"value":834},"Kullanıcının yalnızca listeleme ve okuma yapabilmesini, ancak hiçbir şey oluşturamamasını veya silememesini sağlayalım:",{"type":29,"tag":174,"props":836,"children":839},{"className":313,"code":837,"filename":838,"language":316,"meta":7,"style":7},"{\n  \"Version\": \"2012-10-17\",\n  \"Statement\": [\n    {\n      \"Sid\": \"EC2-ReadOnly\",\n      \"Effect\": \"Allow\",\n      \"Action\": [\"ec2:Describe*\", \"ec2:Get*\"],\n      \"Resource\": \"*\"\n    },\n    {\n      \"Sid\": \"S3-ReadOnly\",\n      \"Effect\": \"Allow\",\n      \"Action\": [\"s3:Get*\", \"s3:List*\"],\n      \"Resource\": \"*\"\n    }\n  
]\n}\n","ReadOnly.json",[840],{"type":29,"tag":53,"props":841,"children":842},{"__ignoreMap":7},[843,850,877,900,908,937,964,1007,1030,1039,1047,1076,1104,1146,1170,1179,1187],{"type":29,"tag":184,"props":844,"children":845},{"class":186,"line":187},[846],{"type":29,"tag":184,"props":847,"children":848},{"style":326},[849],{"type":35,"value":329},{"type":29,"tag":184,"props":851,"children":852},{"class":186,"line":197},[853,857,861,865,869,873],{"type":29,"tag":184,"props":854,"children":855},{"style":335},[856],{"type":35,"value":338},{"type":29,"tag":184,"props":858,"children":859},{"style":341},[860],{"type":35,"value":344},{"type":29,"tag":184,"props":862,"children":863},{"style":335},[864],{"type":35,"value":349},{"type":29,"tag":184,"props":866,"children":867},{"style":326},[868],{"type":35,"value":354},{"type":29,"tag":184,"props":870,"children":871},{"style":357},[872],{"type":35,"value":360},{"type":29,"tag":184,"props":874,"children":875},{"style":326},[876],{"type":35,"value":365},{"type":29,"tag":184,"props":878,"children":879},{"class":186,"line":206},[880,884,888,892,896],{"type":29,"tag":184,"props":881,"children":882},{"style":335},[883],{"type":35,"value":338},{"type":29,"tag":184,"props":885,"children":886},{"style":341},[887],{"type":35,"value":377},{"type":29,"tag":184,"props":889,"children":890},{"style":335},[891],{"type":35,"value":349},{"type":29,"tag":184,"props":893,"children":894},{"style":326},[895],{"type":35,"value":354},{"type":29,"tag":184,"props":897,"children":898},{"style":326},[899],{"type":35,"value":574},{"type":29,"tag":184,"props":901,"children":902},{"class":186,"line":215},[903],{"type":29,"tag":184,"props":904,"children":905},{"style":326},[906],{"type":35,"value":907},"    {\n",{"type":29,"tag":184,"props":909,"children":910},{"class":186,"line":224},[911,916,920,924,928,933],{"type":29,"tag":184,"props":912,"children":913},{"style":335},[914],{"type":35,"value":915},"      
\"",{"type":29,"tag":184,"props":917,"children":918},{"style":341},[919],{"type":35,"value":592},{"type":29,"tag":184,"props":921,"children":922},{"style":335},[923],{"type":35,"value":349},{"type":29,"tag":184,"props":925,"children":926},{"style":326},[927],{"type":35,"value":354},{"type":29,"tag":184,"props":929,"children":930},{"style":357},[931],{"type":35,"value":932}," \"EC2-ReadOnly\"",{"type":29,"tag":184,"props":934,"children":935},{"style":326},[936],{"type":35,"value":365},{"type":29,"tag":184,"props":938,"children":939},{"class":186,"line":233},[940,944,948,952,956,960],{"type":29,"tag":184,"props":941,"children":942},{"style":335},[943],{"type":35,"value":915},{"type":29,"tag":184,"props":945,"children":946},{"style":341},[947],{"type":35,"value":403},{"type":29,"tag":184,"props":949,"children":950},{"style":335},[951],{"type":35,"value":349},{"type":29,"tag":184,"props":953,"children":954},{"style":326},[955],{"type":35,"value":354},{"type":29,"tag":184,"props":957,"children":958},{"style":357},[959],{"type":35,"value":416},{"type":29,"tag":184,"props":961,"children":962},{"style":326},[963],{"type":35,"value":365},{"type":29,"tag":184,"props":965,"children":966},{"class":186,"line":477},[967,971,975,979,983,988,993,997,1002],{"type":29,"tag":184,"props":968,"children":969},{"style":335},[970],{"type":35,"value":915},{"type":29,"tag":184,"props":972,"children":973},{"style":341},[974],{"type":35,"value":432},{"type":29,"tag":184,"props":976,"children":977},{"style":335},[978],{"type":35,"value":349},{"type":29,"tag":184,"props":980,"children":981},{"style":326},[982],{"type":35,"value":354},{"type":29,"tag":184,"props":984,"children":985},{"style":326},[986],{"type":35,"value":987}," 
[",{"type":29,"tag":184,"props":989,"children":990},{"style":357},[991],{"type":35,"value":992},"\"ec2:Describe*\"",{"type":29,"tag":184,"props":994,"children":995},{"style":326},[996],{"type":35,"value":610},{"type":29,"tag":184,"props":998,"children":999},{"style":357},[1000],{"type":35,"value":1001}," \"ec2:Get*\"",{"type":29,"tag":184,"props":1003,"children":1004},{"style":326},[1005],{"type":35,"value":1006},"],\n",{"type":29,"tag":184,"props":1008,"children":1009},{"class":186,"line":486},[1010,1014,1018,1022,1026],{"type":29,"tag":184,"props":1011,"children":1012},{"style":335},[1013],{"type":35,"value":915},{"type":29,"tag":184,"props":1015,"children":1016},{"style":341},[1017],{"type":35,"value":461},{"type":29,"tag":184,"props":1019,"children":1020},{"style":335},[1021],{"type":35,"value":349},{"type":29,"tag":184,"props":1023,"children":1024},{"style":326},[1025],{"type":35,"value":354},{"type":29,"tag":184,"props":1027,"children":1028},{"style":357},[1029],{"type":35,"value":474},{"type":29,"tag":184,"props":1031,"children":1033},{"class":186,"line":1032},9,[1034],{"type":29,"tag":184,"props":1035,"children":1036},{"style":326},[1037],{"type":35,"value":1038},"    },\n",{"type":29,"tag":184,"props":1040,"children":1042},{"class":186,"line":1041},10,[1043],{"type":29,"tag":184,"props":1044,"children":1045},{"style":326},[1046],{"type":35,"value":907},{"type":29,"tag":184,"props":1048,"children":1050},{"class":186,"line":1049},11,[1051,1055,1059,1063,1067,1072],{"type":29,"tag":184,"props":1052,"children":1053},{"style":335},[1054],{"type":35,"value":915},{"type":29,"tag":184,"props":1056,"children":1057},{"style":341},[1058],{"type":35,"value":592},{"type":29,"tag":184,"props":1060,"children":1061},{"style":335},[1062],{"type":35,"value":349},{"type":29,"tag":184,"props":1064,"children":1065},{"style":326},[1066],{"type":35,"value":354},{"type":29,"tag":184,"props":1068,"children":1069},{"style":357},[1070],{"type":35,"value":1071}," 
\"S3-ReadOnly\"",{"type":29,"tag":184,"props":1073,"children":1074},{"style":326},[1075],{"type":35,"value":365},{"type":29,"tag":184,"props":1077,"children":1079},{"class":186,"line":1078},12,[1080,1084,1088,1092,1096,1100],{"type":29,"tag":184,"props":1081,"children":1082},{"style":335},[1083],{"type":35,"value":915},{"type":29,"tag":184,"props":1085,"children":1086},{"style":341},[1087],{"type":35,"value":403},{"type":29,"tag":184,"props":1089,"children":1090},{"style":335},[1091],{"type":35,"value":349},{"type":29,"tag":184,"props":1093,"children":1094},{"style":326},[1095],{"type":35,"value":354},{"type":29,"tag":184,"props":1097,"children":1098},{"style":357},[1099],{"type":35,"value":416},{"type":29,"tag":184,"props":1101,"children":1102},{"style":326},[1103],{"type":35,"value":365},{"type":29,"tag":184,"props":1105,"children":1107},{"class":186,"line":1106},13,[1108,1112,1116,1120,1124,1128,1133,1137,1142],{"type":29,"tag":184,"props":1109,"children":1110},{"style":335},[1111],{"type":35,"value":915},{"type":29,"tag":184,"props":1113,"children":1114},{"style":341},[1115],{"type":35,"value":432},{"type":29,"tag":184,"props":1117,"children":1118},{"style":335},[1119],{"type":35,"value":349},{"type":29,"tag":184,"props":1121,"children":1122},{"style":326},[1123],{"type":35,"value":354},{"type":29,"tag":184,"props":1125,"children":1126},{"style":326},[1127],{"type":35,"value":987},{"type":29,"tag":184,"props":1129,"children":1130},{"style":357},[1131],{"type":35,"value":1132},"\"s3:Get*\"",{"type":29,"tag":184,"props":1134,"children":1135},{"style":326},[1136],{"type":35,"value":610},{"type":29,"tag":184,"props":1138,"children":1139},{"style":357},[1140],{"type":35,"value":1141}," 
\"s3:List*\"",{"type":29,"tag":184,"props":1143,"children":1144},{"style":326},[1145],{"type":35,"value":1006},{"type":29,"tag":184,"props":1147,"children":1149},{"class":186,"line":1148},14,[1150,1154,1158,1162,1166],{"type":29,"tag":184,"props":1151,"children":1152},{"style":335},[1153],{"type":35,"value":915},{"type":29,"tag":184,"props":1155,"children":1156},{"style":341},[1157],{"type":35,"value":461},{"type":29,"tag":184,"props":1159,"children":1160},{"style":335},[1161],{"type":35,"value":349},{"type":29,"tag":184,"props":1163,"children":1164},{"style":326},[1165],{"type":35,"value":354},{"type":29,"tag":184,"props":1167,"children":1168},{"style":357},[1169],{"type":35,"value":474},{"type":29,"tag":184,"props":1171,"children":1173},{"class":186,"line":1172},15,[1174],{"type":29,"tag":184,"props":1175,"children":1176},{"style":326},[1177],{"type":35,"value":1178},"    }\n",{"type":29,"tag":184,"props":1180,"children":1182},{"class":186,"line":1181},16,[1183],{"type":29,"tag":184,"props":1184,"children":1185},{"style":326},[1186],{"type":35,"value":798},{"type":29,"tag":184,"props":1188,"children":1190},{"class":186,"line":1189},17,[1191],{"type":29,"tag":184,"props":1192,"children":1193},{"style":326},[1194],{"type":35,"value":492},{"type":29,"tag":38,"props":1196,"children":1197},{},[1198,1200,1206,1207,1213,1215,1221,1223,1229,1230,1236],{"type":35,"value":1199},"Burada ",{"type":29,"tag":53,"props":1201,"children":1203},{"className":1202},[],[1204],{"type":35,"value":1205},"Describe*",{"type":35,"value":146},{"type":29,"tag":53,"props":1208,"children":1210},{"className":1209},[],[1211],{"type":35,"value":1212},"Get*",{"type":35,"value":1214}," gibi önekli eylemler kullanarak değişiklik yapabilecek ",{"type":29,"tag":53,"props":1216,"children":1218},{"className":1217},[],[1219],{"type":35,"value":1220},"Create*",{"type":35,"value":1222},", 
",{"type":29,"tag":53,"props":1224,"children":1226},{"className":1225},[],[1227],{"type":35,"value":1228},"Delete*",{"type":35,"value":1222},{"type":29,"tag":53,"props":1231,"children":1233},{"className":1232},[],[1234],{"type":35,"value":1235},"Put*",{"type":35,"value":1237}," gibi izinleri dışarıda bıraktık. Bu geçiş, çoğu denetim ve raporlama görevi için yeterlidir.",{"type":29,"tag":305,"props":1239,"children":1241},{"id":1240},"adım-3-belirli-kaynaklara-kısıtlama-gerçek-en-az-ayrıcalık",[1242],{"type":35,"value":1243},"Adım 3: Belirli Kaynaklara Kısıtlama (Gerçek En Az Ayrıcalık)",{"type":29,"tag":38,"props":1245,"children":1246},{},[1247],{"type":35,"value":1248},"Şimdi hedef kaynakları daraltıyoruz:",{"type":29,"tag":81,"props":1250,"children":1251},{},[1252,1264],{"type":29,"tag":85,"props":1253,"children":1254},{},[1255,1257,1262],{"type":35,"value":1256},"EC2 için sadece ",{"type":29,"tag":105,"props":1258,"children":1259},{},[1260],{"type":35,"value":1261},"ap‑southeast‑1 (Singapur)",{"type":35,"value":1263}," bölgesindeki instance’lara tam erişim",{"type":29,"tag":85,"props":1265,"children":1266},{},[1267,1269,1274],{"type":35,"value":1268},"S3 için sadece ",{"type":29,"tag":105,"props":1270,"children":1271},{},[1272],{"type":35,"value":1273},"my‑corporate‑bucket",{"type":35,"value":1275}," adlı bucket’a okuma erişimi",{"type":29,"tag":174,"props":1277,"children":1280},{"className":313,"code":1278,"filename":1279,"language":316,"meta":7,"style":7},"{\n  \"Version\": \"2012-10-17\",\n  \"Statement\": [\n    {\n      \"Sid\": \"EC2-ReadOnly-Global\",\n      \"Effect\": \"Allow\",\n      \"Action\": [\"ec2:Describe*\", \"ec2:Get*\"],\n      \"Resource\": \"*\"\n    },\n    {\n      \"Sid\": \"EC2-FullAccess-Singapore\",\n      \"Effect\": \"Allow\",\n      \"Action\": [\"ec2:*\"],\n      \"Resource\": \"arn:aws:ec2:ap-southeast-1:*:instance\u002F*\"\n    },\n    {\n      \"Sid\": \"S3-ReadOnly-CorporateBucket\",\n      \"Effect\": \"Allow\",\n      
\"Action\": [\"s3:Get*\", \"s3:List*\"],\n      \"Resource\": [\n        \"arn:aws:s3:::my-corporate-bucket\",\n        \"arn:aws:s3:::my-corporate-bucket\u002F*\"\n      ]\n    }\n  ]\n}\n","LeastPrivilege.json",[1281],{"type":29,"tag":53,"props":1282,"children":1283},{"__ignoreMap":7},[1284,1291,1318,1341,1348,1376,1403,1442,1465,1472,1479,1507,1534,1566,1590,1597,1604,1632,1660,1700,1724,1737,1746,1755,1763,1771],{"type":29,"tag":184,"props":1285,"children":1286},{"class":186,"line":187},[1287],{"type":29,"tag":184,"props":1288,"children":1289},{"style":326},[1290],{"type":35,"value":329},{"type":29,"tag":184,"props":1292,"children":1293},{"class":186,"line":197},[1294,1298,1302,1306,1310,1314],{"type":29,"tag":184,"props":1295,"children":1296},{"style":335},[1297],{"type":35,"value":338},{"type":29,"tag":184,"props":1299,"children":1300},{"style":341},[1301],{"type":35,"value":344},{"type":29,"tag":184,"props":1303,"children":1304},{"style":335},[1305],{"type":35,"value":349},{"type":29,"tag":184,"props":1307,"children":1308},{"style":326},[1309],{"type":35,"value":354},{"type":29,"tag":184,"props":1311,"children":1312},{"style":357},[1313],{"type":35,"value":360},{"type":29,"tag":184,"props":1315,"children":1316},{"style":326},[1317],{"type":35,"value":365},{"type":29,"tag":184,"props":1319,"children":1320},{"class":186,"line":206},[1321,1325,1329,1333,1337],{"type":29,"tag":184,"props":1322,"children":1323},{"style":335},[1324],{"type":35,"value":338},{"type":29,"tag":184,"props":1326,"children":1327},{"style":341},[1328],{"type":35,"value":377},{"type":29,"tag":184,"props":1330,"children":1331},{"style":335},[1332],{"type":35,"value":349},{"type":29,"tag":184,"props":1334,"children":1335},{"style":326},[1336],{"type":35,"value":354},{"type":29,"tag":184,"props":1338,"children":1339},{"style":326},[1340],{"type":35,"value":574},{"type":29,"tag":184,"props":1342,"children":1343},{"class":186,"line":215},[1344],{"type":29,"tag":184,"props":1345,"children":1346},
{"style":326},[1347],{"type":35,"value":907},{"type":29,"tag":184,"props":1349,"children":1350},{"class":186,"line":224},[1351,1355,1359,1363,1367,1372],{"type":29,"tag":184,"props":1352,"children":1353},{"style":335},[1354],{"type":35,"value":915},{"type":29,"tag":184,"props":1356,"children":1357},{"style":341},[1358],{"type":35,"value":592},{"type":29,"tag":184,"props":1360,"children":1361},{"style":335},[1362],{"type":35,"value":349},{"type":29,"tag":184,"props":1364,"children":1365},{"style":326},[1366],{"type":35,"value":354},{"type":29,"tag":184,"props":1368,"children":1369},{"style":357},[1370],{"type":35,"value":1371}," \"EC2-ReadOnly-Global\"",{"type":29,"tag":184,"props":1373,"children":1374},{"style":326},[1375],{"type":35,"value":365},{"type":29,"tag":184,"props":1377,"children":1378},{"class":186,"line":233},[1379,1383,1387,1391,1395,1399],{"type":29,"tag":184,"props":1380,"children":1381},{"style":335},[1382],{"type":35,"value":915},{"type":29,"tag":184,"props":1384,"children":1385},{"style":341},[1386],{"type":35,"value":403},{"type":29,"tag":184,"props":1388,"children":1389},{"style":335},[1390],{"type":35,"value":349},{"type":29,"tag":184,"props":1392,"children":1393},{"style":326},[1394],{"type":35,"value":354},{"type":29,"tag":184,"props":1396,"children":1397},{"style":357},[1398],{"type":35,"value":416},{"type":29,"tag":184,"props":1400,"children":1401},{"style":326},[1402],{"type":35,"value":365},{"type":29,"tag":184,"props":1404,"children":1405},{"class":186,"line":477},[1406,1410,1414,1418,1422,1426,1430,1434,1438],{"type":29,"tag":184,"props":1407,"children":1408},{"style":335},[1409],{"type":35,"value":915},{"type":29,"tag":184,"props":1411,"children":1412},{"style":341},[1413],{"type":35,"value":432},{"type":29,"tag":184,"props":1415,"children":1416},{"style":335},[1417],{"type":35,"value":349},{"type":29,"tag":184,"props":1419,"children":1420},{"style":326},[1421],{"type":35,"value":354},{"type":29,"tag":184,"props":1423,"children":1424},{
"style":326},[1425],{"type":35,"value":987},{"type":29,"tag":184,"props":1427,"children":1428},{"style":357},[1429],{"type":35,"value":992},{"type":29,"tag":184,"props":1431,"children":1432},{"style":326},[1433],{"type":35,"value":610},{"type":29,"tag":184,"props":1435,"children":1436},{"style":357},[1437],{"type":35,"value":1001},{"type":29,"tag":184,"props":1439,"children":1440},{"style":326},[1441],{"type":35,"value":1006},{"type":29,"tag":184,"props":1443,"children":1444},{"class":186,"line":486},[1445,1449,1453,1457,1461],{"type":29,"tag":184,"props":1446,"children":1447},{"style":335},[1448],{"type":35,"value":915},{"type":29,"tag":184,"props":1450,"children":1451},{"style":341},[1452],{"type":35,"value":461},{"type":29,"tag":184,"props":1454,"children":1455},{"style":335},[1456],{"type":35,"value":349},{"type":29,"tag":184,"props":1458,"children":1459},{"style":326},[1460],{"type":35,"value":354},{"type":29,"tag":184,"props":1462,"children":1463},{"style":357},[1464],{"type":35,"value":474},{"type":29,"tag":184,"props":1466,"children":1467},{"class":186,"line":1032},[1468],{"type":29,"tag":184,"props":1469,"children":1470},{"style":326},[1471],{"type":35,"value":1038},{"type":29,"tag":184,"props":1473,"children":1474},{"class":186,"line":1041},[1475],{"type":29,"tag":184,"props":1476,"children":1477},{"style":326},[1478],{"type":35,"value":907},{"type":29,"tag":184,"props":1480,"children":1481},{"class":186,"line":1049},[1482,1486,1490,1494,1498,1503],{"type":29,"tag":184,"props":1483,"children":1484},{"style":335},[1485],{"type":35,"value":915},{"type":29,"tag":184,"props":1487,"children":1488},{"style":341},[1489],{"type":35,"value":592},{"type":29,"tag":184,"props":1491,"children":1492},{"style":335},[1493],{"type":35,"value":349},{"type":29,"tag":184,"props":1495,"children":1496},{"style":326},[1497],{"type":35,"value":354},{"type":29,"tag":184,"props":1499,"children":1500},{"style":357},[1501],{"type":35,"value":1502}," 
\"EC2-FullAccess-Singapore\"",{"type":29,"tag":184,"props":1504,"children":1505},{"style":326},[1506],{"type":35,"value":365},{"type":29,"tag":184,"props":1508,"children":1509},{"class":186,"line":1078},[1510,1514,1518,1522,1526,1530],{"type":29,"tag":184,"props":1511,"children":1512},{"style":335},[1513],{"type":35,"value":915},{"type":29,"tag":184,"props":1515,"children":1516},{"style":341},[1517],{"type":35,"value":403},{"type":29,"tag":184,"props":1519,"children":1520},{"style":335},[1521],{"type":35,"value":349},{"type":29,"tag":184,"props":1523,"children":1524},{"style":326},[1525],{"type":35,"value":354},{"type":29,"tag":184,"props":1527,"children":1528},{"style":357},[1529],{"type":35,"value":416},{"type":29,"tag":184,"props":1531,"children":1532},{"style":326},[1533],{"type":35,"value":365},{"type":29,"tag":184,"props":1535,"children":1536},{"class":186,"line":1106},[1537,1541,1545,1549,1553,1557,1562],{"type":29,"tag":184,"props":1538,"children":1539},{"style":335},[1540],{"type":35,"value":915},{"type":29,"tag":184,"props":1542,"children":1543},{"style":341},[1544],{"type":35,"value":432},{"type":29,"tag":184,"props":1546,"children":1547},{"style":335},[1548],{"type":35,"value":349},{"type":29,"tag":184,"props":1550,"children":1551},{"style":326},[1552],{"type":35,"value":354},{"type":29,"tag":184,"props":1554,"children":1555},{"style":326},[1556],{"type":35,"value":987},{"type":29,"tag":184,"props":1558,"children":1559},{"style":357},[1560],{"type":35,"value":1561},"\"ec2:*\"",{"type":29,"tag":184,"props":1563,"children":1564},{"style":326},[1565],{"type":35,"value":1006},{"type":29,"tag":184,"props":1567,"children":1568},{"class":186,"line":1148},[1569,1573,1577,1581,1585],{"type":29,"tag":184,"props":1570,"children":1571},{"style":335},[1572],{"type":35,"value":915},{"type":29,"tag":184,"props":1574,"children":1575},{"style":341},[1576],{"type":35,"value":461},{"type":29,"tag":184,"props":1578,"children":1579},{"style":335},[1580],{"type":35,"value":34
9},{"type":29,"tag":184,"props":1582,"children":1583},{"style":326},[1584],{"type":35,"value":354},{"type":29,"tag":184,"props":1586,"children":1587},{"style":357},[1588],{"type":35,"value":1589}," \"arn:aws:ec2:ap-southeast-1:*:instance\u002F*\"\n",{"type":29,"tag":184,"props":1591,"children":1592},{"class":186,"line":1172},[1593],{"type":29,"tag":184,"props":1594,"children":1595},{"style":326},[1596],{"type":35,"value":1038},{"type":29,"tag":184,"props":1598,"children":1599},{"class":186,"line":1181},[1600],{"type":29,"tag":184,"props":1601,"children":1602},{"style":326},[1603],{"type":35,"value":907},{"type":29,"tag":184,"props":1605,"children":1606},{"class":186,"line":1189},[1607,1611,1615,1619,1623,1628],{"type":29,"tag":184,"props":1608,"children":1609},{"style":335},[1610],{"type":35,"value":915},{"type":29,"tag":184,"props":1612,"children":1613},{"style":341},[1614],{"type":35,"value":592},{"type":29,"tag":184,"props":1616,"children":1617},{"style":335},[1618],{"type":35,"value":349},{"type":29,"tag":184,"props":1620,"children":1621},{"style":326},[1622],{"type":35,"value":354},{"type":29,"tag":184,"props":1624,"children":1625},{"style":357},[1626],{"type":35,"value":1627}," 
\"S3-ReadOnly-CorporateBucket\"",{"type":29,"tag":184,"props":1629,"children":1630},{"style":326},[1631],{"type":35,"value":365},{"type":29,"tag":184,"props":1633,"children":1635},{"class":186,"line":1634},18,[1636,1640,1644,1648,1652,1656],{"type":29,"tag":184,"props":1637,"children":1638},{"style":335},[1639],{"type":35,"value":915},{"type":29,"tag":184,"props":1641,"children":1642},{"style":341},[1643],{"type":35,"value":403},{"type":29,"tag":184,"props":1645,"children":1646},{"style":335},[1647],{"type":35,"value":349},{"type":29,"tag":184,"props":1649,"children":1650},{"style":326},[1651],{"type":35,"value":354},{"type":29,"tag":184,"props":1653,"children":1654},{"style":357},[1655],{"type":35,"value":416},{"type":29,"tag":184,"props":1657,"children":1658},{"style":326},[1659],{"type":35,"value":365},{"type":29,"tag":184,"props":1661,"children":1663},{"class":186,"line":1662},19,[1664,1668,1672,1676,1680,1684,1688,1692,1696],{"type":29,"tag":184,"props":1665,"children":1666},{"style":335},[1667],{"type":35,"value":915},{"type":29,"tag":184,"props":1669,"children":1670},{"style":341},[1671],{"type":35,"value":432},{"type":29,"tag":184,"props":1673,"children":1674},{"style":335},[1675],{"type":35,"value":349},{"type":29,"tag":184,"props":1677,"children":1678},{"style":326},[1679],{"type":35,"value":354},{"type":29,"tag":184,"props":1681,"children":1682},{"style":326},[1683],{"type":35,"value":987},{"type":29,"tag":184,"props":1685,"children":1686},{"style":357},[1687],{"type":35,"value":1132},{"type":29,"tag":184,"props":1689,"children":1690},{"style":326},[1691],{"type":35,"value":610},{"type":29,"tag":184,"props":1693,"children":1694},{"style":357},[1695],{"type":35,"value":1141},{"type":29,"tag":184,"props":1697,"children":1698},{"style":326},[1699],{"type":35,"value":1006},{"type":29,"tag":184,"props":1701,"children":1703},{"class":186,"line":1702},20,[1704,1708,1712,1716,1720],{"type":29,"tag":184,"props":1705,"children":1706},{"style":335},[1707],{"type":35
,"value":915},{"type":29,"tag":184,"props":1709,"children":1710},{"style":341},[1711],{"type":35,"value":461},{"type":29,"tag":184,"props":1713,"children":1714},{"style":335},[1715],{"type":35,"value":349},{"type":29,"tag":184,"props":1717,"children":1718},{"style":326},[1719],{"type":35,"value":354},{"type":29,"tag":184,"props":1721,"children":1722},{"style":326},[1723],{"type":35,"value":574},{"type":29,"tag":184,"props":1725,"children":1727},{"class":186,"line":1726},21,[1728,1733],{"type":29,"tag":184,"props":1729,"children":1730},{"style":357},[1731],{"type":35,"value":1732},"        \"arn:aws:s3:::my-corporate-bucket\"",{"type":29,"tag":184,"props":1734,"children":1735},{"style":326},[1736],{"type":35,"value":365},{"type":29,"tag":184,"props":1738,"children":1740},{"class":186,"line":1739},22,[1741],{"type":29,"tag":184,"props":1742,"children":1743},{"style":357},[1744],{"type":35,"value":1745},"        \"arn:aws:s3:::my-corporate-bucket\u002F*\"\n",{"type":29,"tag":184,"props":1747,"children":1749},{"class":186,"line":1748},23,[1750],{"type":29,"tag":184,"props":1751,"children":1752},{"style":326},[1753],{"type":35,"value":1754},"      ]\n",{"type":29,"tag":184,"props":1756,"children":1758},{"class":186,"line":1757},24,[1759],{"type":29,"tag":184,"props":1760,"children":1761},{"style":326},[1762],{"type":35,"value":1178},{"type":29,"tag":184,"props":1764,"children":1766},{"class":186,"line":1765},25,[1767],{"type":29,"tag":184,"props":1768,"children":1769},{"style":326},[1770],{"type":35,"value":798},{"type":29,"tag":184,"props":1772,"children":1774},{"class":186,"line":1773},26,[1775],{"type":29,"tag":184,"props":1776,"children":1777},{"style":326},[1778],{"type":35,"value":492},{"type":29,"tag":38,"props":1780,"children":1781},{},[1782],{"type":35,"value":1783},"Bu nihai politika, ilk haline kıyasla saldırı yüzeyini dramatik şekilde 
küçültür.",{"type":29,"tag":174,"props":1785,"children":1787},{"className":176,"code":1786,"language":178,"meta":7,"style":7},"flowchart LR\n    A[\"AdministratorAccess\u003Cbr\u002F>Action: *\u003Cbr\u002F>Resource: *\"] --> B[\"Servis Kısıtlaması\u003Cbr\u002F>ec2:*, s3:*\"]\n    B --> C[\"İşlem Kısıtlaması\u003Cbr\u002F>Describe*, Get*, List*\"]\n    C --> D[\"Kaynak Kısıtlaması\u003Cbr\u002F>arn:…:ap-southeast-1\u003Cbr\u002F>belirli bucket\"]\n    D --> E[\"En Az Ayrıcalıklı Politika\"]\n",[1788],{"type":29,"tag":53,"props":1789,"children":1790},{"__ignoreMap":7},[1791,1799,1807,1815,1823],{"type":29,"tag":184,"props":1792,"children":1793},{"class":186,"line":187},[1794],{"type":29,"tag":184,"props":1795,"children":1796},{"style":191},[1797],{"type":35,"value":1798},"flowchart LR\n",{"type":29,"tag":184,"props":1800,"children":1801},{"class":186,"line":197},[1802],{"type":29,"tag":184,"props":1803,"children":1804},{"style":191},[1805],{"type":35,"value":1806},"    A[\"AdministratorAccess\u003Cbr\u002F>Action: *\u003Cbr\u002F>Resource: *\"] --> B[\"Servis Kısıtlaması\u003Cbr\u002F>ec2:*, s3:*\"]\n",{"type":29,"tag":184,"props":1808,"children":1809},{"class":186,"line":206},[1810],{"type":29,"tag":184,"props":1811,"children":1812},{"style":191},[1813],{"type":35,"value":1814},"    B --> C[\"İşlem Kısıtlaması\u003Cbr\u002F>Describe*, Get*, List*\"]\n",{"type":29,"tag":184,"props":1816,"children":1817},{"class":186,"line":215},[1818],{"type":29,"tag":184,"props":1819,"children":1820},{"style":191},[1821],{"type":35,"value":1822},"    C --> D[\"Kaynak Kısıtlaması\u003Cbr\u002F>arn:…:ap-southeast-1\u003Cbr\u002F>belirli bucket\"]\n",{"type":29,"tag":184,"props":1824,"children":1825},{"class":186,"line":224},[1826],{"type":29,"tag":184,"props":1827,"children":1828},{"style":191},[1829],{"type":35,"value":1830},"    D --> E[\"En Az Ayrıcalıklı 
Politika\"]\n",{"type":29,"tag":246,"props":1832,"children":1834},{"icon":1833},"ph:info-duotone",[1835],{"type":29,"tag":38,"props":1836,"children":1837},{},[1838,1842,1844,1849],{"type":29,"tag":105,"props":1839,"children":1840},{},[1841],{"type":35,"value":257},{"type":35,"value":1843}," AWS IAM Policy Simulator, politika değişikliklerini üretime almadan önce test etmenizi sağlar (",{"type":29,"tag":44,"props":1845,"children":1847},{"link":1846},"https:\u002F\u002Fpolicysim.aws.amazon.com",[1848],{"type":35,"value":16},{"type":35,"value":1850},"). Simülatör, belirli bir kullanıcı ve eylem için politikanın izin verip vermediğini gösterir; bu sayede en az ayrıcalık geçişlerinde hatalı ret (false deny) riskini ortadan kaldırırsınız.",{"type":29,"tag":30,"props":1852,"children":1854},{"id":1853},"diğer-bulutlarda-en-az-ayrıcalık-azure-ve-gcp",[1855],{"type":35,"value":1856},"Diğer bulutlarda en az ayrıcalık: Azure ve GCP",{"type":29,"tag":38,"props":1858,"children":1859},{},[1860],{"type":35,"value":1861},"Bu üç büyük sağlayıcıda prensip aynıdır, yalnızca uygulama araçları değişir.",{"type":29,"tag":81,"props":1863,"children":1864},{},[1865,1909],{"type":29,"tag":85,"props":1866,"children":1867},{},[1868,1873,1875,1881,1882,1887,1888,1893,1895,1899,1901,1907],{"type":29,"tag":105,"props":1869,"children":1870},{},[1871],{"type":35,"value":1872},"Azure RBAC:",{"type":35,"value":1874}," Azure, yerleşik (built‑in) roller sunar (örneğin, ",{"type":29,"tag":1876,"props":1877,"children":1878},"em",{},[1879],{"type":35,"value":1880},"Reader",{"type":35,"value":1222},{"type":29,"tag":1876,"props":1883,"children":1884},{},[1885],{"type":35,"value":1886},"Contributor",{"type":35,"value":1222},{"type":29,"tag":1876,"props":1889,"children":1890},{},[1891],{"type":35,"value":1892},"Owner",{"type":35,"value":1894},"). En az ayrıcalık için, bu genel roller yerine özel (custom) roller oluşturup yalnızca ihtiyaç duyulan eylemleri atayabilirsiniz. 
Azure AD Privileged Identity Management (PIM) ile just‑in‑time yetkilendirme de mümkündür. Önemli bir tuzak: ",{"type":29,"tag":1876,"props":1896,"children":1897},{},[1898],{"type":35,"value":1886},{"type":35,"value":1900}," rolü, Azure Key Vault’taki sırları varsayılan olarak okuyamaz, ancak VM’lere bu sırları enjekte edebilir; bu tür ince ayrımları anlamak, en az ayrıcalık tasarımının kritik parçasıdır (",{"type":29,"tag":44,"props":1902,"children":1904},{"link":1903},"https:\u002F\u002Flearn.microsoft.com\u002Ftr-tr\u002Fazure\u002Frole-based-access-control\u002Fbest-practices",[1905],{"type":35,"value":1906},"Azure Belgeleri",{"type":35,"value":1908},").",{"type":29,"tag":85,"props":1910,"children":1911},{},[1912,1917,1919,1925],{"type":29,"tag":105,"props":1913,"children":1914},{},[1915],{"type":35,"value":1916},"GCP IAM:",{"type":35,"value":1918}," GCP, önceden tanımlanmış roller (predefined roles) ve özel roller sunar. Kaynak hiyerarşisi (organizasyon > klasör > proje) sayesinde politikalar yukarıdan aşağıya devralınır. IAM Recommender, aşırı izinleri otomatik olarak tespit eder ve size daraltma önerileri sunar (",{"type":29,"tag":44,"props":1920,"children":1922},{"link":1921},"https:\u002F\u002Fcloud.google.com\u002Fiam\u002Fdocs\u002Fusing-iam-securely",[1923],{"type":35,"value":1924},"GCP Belgeleri",{"type":35,"value":1908},{"type":29,"tag":38,"props":1927,"children":1928},{},[1929,1931,1937,1939,1945,1946,1952],{"type":35,"value":1930},"Her üç platformda da “izin yükseltme” (privilege escalation) riski vardır; örneğin, ",{"type":29,"tag":53,"props":1932,"children":1934},{"className":1933},[],[1935],{"type":35,"value":1936},"iam.serviceAccounts.actAs",{"type":35,"value":1938}," gibi bir yetki, GCP’de yeni bir kimlik üstlenmeye yol açabilir. 
AWS tarafında ise ",{"type":29,"tag":53,"props":1940,"children":1942},{"className":1941},[],[1943],{"type":35,"value":1944},"iam:PassRole",{"type":35,"value":1222},{"type":29,"tag":53,"props":1947,"children":1949},{"className":1948},[],[1950],{"type":35,"value":1951},"iam:CreatePolicyVersion",{"type":35,"value":1953}," gibi eylemler özellikle tehlikelidir ve mümkünse hiçbir rolde bulunmamalıdır.",{"type":29,"tag":246,"props":1955,"children":1956},{"icon":248},[1957],{"type":29,"tag":38,"props":1958,"children":1959},{},[1960,1964,1966,1970,1971,1975],{"type":29,"tag":105,"props":1961,"children":1962},{},[1963],{"type":35,"value":257},{"type":35,"value":1965}," Hem Azure RBAC’teki özel roller hem de GCP IAM Recommender, ortamınızdaki aşırı izinleri belirlemenize yardımcı olur (",{"type":29,"tag":44,"props":1967,"children":1968},{"link":1903},[1969],{"type":35,"value":17},{"type":35,"value":1222},{"type":29,"tag":44,"props":1972,"children":1973},{"link":1921},[1974],{"type":35,"value":18},{"type":35,"value":1976},"). 
Bu araçlar, manuel politika yazımı sırasında gözden kaçabilecek joker karakter kullanımlarını ve gereksiz geniş yetkileri otomatik olarak işaretler.",{"type":29,"tag":1978,"props":1979,"children":1982},"video-embed",{"id":1980,"type":1981},"megA6BPpYqo","youtube",[],{"type":29,"tag":30,"props":1984,"children":1986},{"id":1985},"sürekli-en-az-ayrıcalık-için-stratejiler-ve-araçlar",[1987],{"type":35,"value":1988},"Sürekli en az ayrıcalık için stratejiler ve araçlar",{"type":29,"tag":38,"props":1990,"children":1991},{},[1992],{"type":35,"value":1993},"Politika yazmak bir başlangıçtır; asıl mesele bu durumu sürdürmektir.",{"type":29,"tag":81,"props":1995,"children":1996},{},[1997,2007,2024,2042,2052],{"type":29,"tag":85,"props":1998,"children":1999},{},[2000,2005],{"type":29,"tag":105,"props":2001,"children":2002},{},[2003],{"type":35,"value":2004},"IAM Access Analyzer (AWS):",{"type":35,"value":2006}," Kaynak tabanlı politikaları tarar, dış hesaplarla paylaşılan kaynakları bulur ve aşırı izinleri belirler. Politika önerileri sunar.",{"type":29,"tag":85,"props":2008,"children":2009},{},[2010,2015,2017,2022],{"type":29,"tag":105,"props":2011,"children":2012},{},[2013],{"type":35,"value":2014},"Service Control Policies (SCP’ler):",{"type":35,"value":2016}," AWS Organizations ile hesap düzeyinde güvenlik sınırları çizer. Örneğin, ",{"type":29,"tag":53,"props":2018,"children":2020},{"className":2019},[],[2021],{"type":35,"value":814},{"type":35,"value":2023}," iznini sadece belirli bölgelerle sınırlayan bir SCP, alt hesaplarda yanlışlıkla geniş bir politika yazılmasını engeller.",{"type":29,"tag":85,"props":2025,"children":2026},{},[2027,2032,2034,2040],{"type":29,"tag":105,"props":2028,"children":2029},{},[2030],{"type":35,"value":2031},"Altyapı Olarak Kod (IaC):",{"type":35,"value":2033}," Terraform, Pulumi veya AWS CDK ile politikaları sürüm kontrolüne alın. Her değişikliği kod incelemesinden (code review) geçirin. 
CI\u002FCD pipeline’ında joker karakter (",{"type":29,"tag":53,"props":2035,"children":2037},{"className":2036},[],[2038],{"type":35,"value":2039},"*",{"type":35,"value":2041},") kullanımını yasaklayan statik analiz kuralları ekleyin.",{"type":29,"tag":85,"props":2043,"children":2044},{},[2045,2050],{"type":29,"tag":105,"props":2046,"children":2047},{},[2048],{"type":35,"value":2049},"Düzenli Erişim Değerlendirmesi (Access Review):",{"type":35,"value":2051}," En az ayrıcalığın zamanla bozulmasını önlemek için üç ayda bir, kullanılmayan roller ve aşırı izinler için otomatik raporlar alın. AWS IAM Access Advisor, son kullanılan servis bilgilerini göstererek hangi izinlerin kaldırılabileceğini söyler.",{"type":29,"tag":85,"props":2053,"children":2054},{},[2055,2060],{"type":29,"tag":105,"props":2056,"children":2057},{},[2058],{"type":35,"value":2059},"Çok Faktörlü Kimlik Doğrulama (MFA):",{"type":35,"value":2061}," En az ayrıcalıklı politikalar bile kimlik hırsızlığını engelleyemez; bu yüzden tüm kullanıcılar için MFA’yı zorunlu kılın.",{"type":29,"tag":305,"props":2063,"children":2065},{"id":2064},"i̇zleme-ve-uyarı-mekanizmaları",[2066],{"type":35,"value":2067},"İzleme ve Uyarı Mekanizmaları",{"type":29,"tag":38,"props":2069,"children":2070},{},[2071],{"type":35,"value":2072},"En az ayrıcalıklı bir politika yazmak yetmez; ihlal girişimlerini ve politika değişikliklerini izlemeniz gerekir. Bir politika değiştiğinde, bu değişikliğin farkında değilseniz en az ayrıcalık hızla buharlaşır.",{"type":29,"tag":81,"props":2074,"children":2075},{},[2076,2094,2104],{"type":29,"tag":85,"props":2077,"children":2078},{},[2079,2084,2086,2092],{"type":29,"tag":105,"props":2080,"children":2081},{},[2082],{"type":35,"value":2083},"AWS CloudTrail + Config:",{"type":35,"value":2085}," IAM olaylarını CloudTrail ile kaydedin. 
",{"type":29,"tag":53,"props":2087,"children":2089},{"className":2088},[],[2090],{"type":35,"value":2091},"iam-policy-changed",{"type":35,"value":2093}," gibi AWS Config kurallarıyla politika değişikliklerinde anlık uyarı alın. CloudTrail Lake ile “sıra dışı erişim kalıpları” için otomatik sorgu çalıştırabilirsiniz.",{"type":29,"tag":85,"props":2095,"children":2096},{},[2097,2102],{"type":29,"tag":105,"props":2098,"children":2099},{},[2100],{"type":35,"value":2101},"Azure Activity Log + Sentinel:",{"type":35,"value":2103}," Azure RBAC değişikliklerini Activity Log’da izleyin. Sentinel playbook’larıyla beklenmedik rol atamalarını otomatik olarak geri alabilir veya yetkiliye bildirebilirsiniz.",{"type":29,"tag":85,"props":2105,"children":2106},{},[2107,2112,2114,2120],{"type":29,"tag":105,"props":2108,"children":2109},{},[2110],{"type":35,"value":2111},"GCP Cloud Audit Logs + Security Command Center:",{"type":35,"value":2113}," ",{"type":29,"tag":53,"props":2115,"children":2117},{"className":2116},[],[2118],{"type":35,"value":2119},"SetIamPolicy",{"type":35,"value":2121}," çağrılarını Cloud Audit Logs’a kaydedin. 
Security Command Center Premium katmanında, IAM anomalilerini tehdit algılama ile birleştirerek proaktif uyarılar alabilirsiniz.",{"type":29,"tag":2123,"props":2124,"children":2129},"link-card",{"description":2125,"icon":2126,"link":2127,"title":2128},"Victor Feynman'ın bu 5 dakikalık demosu, CloudTrail log'larından otomatik olarak en az ayrıcalıklı politikalar oluşturma sürecini uygulamalı olarak gösteriyor.","ph:video-duotone","https:\u002F\u002Faws.amazon.com\u002Fawstv\u002Fwatch\u002F856b1a0fe71\u002F","How to Generate Least Privilege IAM Policies with AWS Access Analyzer",[],{"type":29,"tag":75,"props":2131,"children":2133},{"title":2132,"type":78},"Unique Insight",[2134],{"type":29,"tag":38,"props":2135,"children":2136},{},[2137,2142],{"type":29,"tag":105,"props":2138,"children":2139},{},[2140],{"type":35,"value":2141},"Sektör gözlemi:",{"type":35,"value":2143}," Birçok kuruluş, IAM politikalarını sıkılaştırdıktan sonra izlemeyi es geçiyor. Oysa en az ayrıcalık statik bir hedef değil, sürekli bir süreçtir. Altı ayda bir tekrarlanmayan bir erişim değerlendirmesi, ilk günkü sıkı politikanın zamanla “izin karmaşasına” dönüşmesini engelleyemez.",{"type":29,"tag":30,"props":2145,"children":2147},{"id":2146},"sonuç",[2148],{"type":35,"value":2149},"Sonuç",{"type":29,"tag":38,"props":2151,"children":2152},{},[2153,2155,2160],{"type":35,"value":2154},"En az ayrıcalık, bulut güvenliğinin en eski ama en çok ihlal edilen kurallarından biridir. Bir IAM politikasını ",{"type":29,"tag":53,"props":2156,"children":2158},{"className":2157},[],[2159],{"type":35,"value":71},{"type":35,"value":2161}," seviyesinden ihtiyaca özel hale getirmek genellikle birkaç dakika sürer. 
Asıl mesele, bu disiplini sürdürmektir.",{"type":29,"tag":38,"props":2163,"children":2164},{},[2165,2167,2172],{"type":35,"value":2166},"Bugün atabileceğiniz ilk adım şu: En kritik IAM rollerinizi gözden geçirin ve joker karakterleri (",{"type":29,"tag":53,"props":2168,"children":2170},{"className":2169},[],[2171],{"type":35,"value":2039},{"type":35,"value":2173},") tek tek kaldırmaya başlayın. Politika simülatöründe beklenmedik erişim engelleriyle karşılaşırsanız endişelenmeyin; hataları daraltarak ilerlemek, hiç daraltmamaktan iyidir. Unutmayın, her kaldırdığınız izin, bir sonraki güvenlik olayında sizi koruyacak bir kalkandır.",{"type":29,"tag":30,"props":2175,"children":2177},{"id":2176},"sıkça-sorulan-sorular",[2178],{"type":35,"value":2179},"Sıkça sorulan sorular",{"type":29,"tag":2181,"props":2182,"children":2184},"folding",{"title":2183},"En az ayrıcalıklı bir politika yazdıktan sonra test etmeli miyim?",[2185],{"type":29,"tag":38,"props":2186,"children":2187},{},[2188],{"type":35,"value":2189},"Kesinlikle. AWS IAM Policy Simulator veya Azure Resource Manager’daki What‑if aracı ile test yapın. Üretime almadan önce bir test hesabında politikanın işlevselliğini doğrulamak, hatalı erişim kısıtlamalarını önleyecektir.",{"type":29,"tag":2181,"props":2191,"children":2193},{"title":2192},"Her servis için ayrı bir politika mı yazmalıyım?",[2194],{"type":29,"tag":38,"props":2195,"children":2196},{},[2197],{"type":35,"value":2198},"Evet, mümkün olduğunca tek bir sorumluluk prensibiyle ilerleyin. Bir politika yalnızca bir servise (EC2, S3, RDS) odaklansın, bu şekilde yönetimi ve denetimi kolaylaşır. Modüler politikalar kullanan ekiplerde ihlal tespit süresi ve yönetim yükü dramatik şekilde azalmaktadır.",{"type":29,"tag":2181,"props":2200,"children":2202},{"title":2201},"Anlık yükseltilmiş yetki ihtiyacında ne yapabilirim?",[2203],{"type":29,"tag":38,"props":2204,"children":2205},{},[2206],{"type":35,"value":2207},"Just‑in‑time erişim modeli kullanın. 
AWS’te geçici güvenlik kimlik bilgileri (STS) ile kısa süreli roller üstlenilebilir. Azure AD PIM, tam da bu ihtiyacı karşılar ve yükseltilmiş yetkileri otomatik olarak zaman aşımına uğratır.",{"type":29,"tag":2181,"props":2209,"children":2211},{"title":2210},"Joker karakter (*) kullanımı hiçbir zaman kabul edilebilir mi?",[2212],{"type":29,"tag":38,"props":2213,"children":2214},{},[2215,2217,2223,2225,2230],{"type":35,"value":2216},"Bazı sınırlı senaryolarda kabul edilebilir. Örneğin, ",{"type":29,"tag":53,"props":2218,"children":2220},{"className":2219},[],[2221],{"type":35,"value":2222},"ec2:Describe*",{"type":35,"value":2224}," gibi salt okunur eylemlerde joker karakter kullanmak, yönetim yükünü azaltırken güvenlik riskini minimumda tutar. Yine de salt okunur eylemlerin de hesap yapılandırması hakkında bilgi açığa çıkarabileceğini unutmayın ve bu joker karakterleri de düzenli olarak gözden geçirin. Ancak ",{"type":29,"tag":53,"props":2226,"children":2228},{"className":2227},[],[2229],{"type":35,"value":814},{"type":35,"value":2231}," gibi yazma yetkisi içeren joker karakterlerden her zaman kaçının.",{"type":29,"tag":30,"props":2233,"children":2235},{"id":2234},"kaynakça-ek-okuma",[2236],{"type":35,"value":2237},"Kaynakça \u002F ek okuma",{"type":29,"tag":81,"props":2239,"children":2240},{},[2241,2253,2267,2280,2292,2304,2318],{"type":29,"tag":85,"props":2242,"children":2243},{},[2244,2246],{"type":35,"value":2245},"Verizon, “2025 Data Breach Investigations Report (DBIR)”, 2025. ",{"type":29,"tag":184,"props":2247,"children":2248},{},[2249],{"type":29,"tag":44,"props":2250,"children":2251},{"link":93},[2252],{"type":35,"value":98},{"type":29,"tag":85,"props":2254,"children":2255},{},[2256,2258],{"type":35,"value":2257},"Security Boulevard (Gartner’a atıfla), “Top Cloud Security Challenges Businesses Face in 2025”, 2025. 
",{"type":29,"tag":184,"props":2259,"children":2260},{},[2261],{"type":29,"tag":44,"props":2262,"children":2264},{"link":2263},"https:\u002F\u002Fsecurityboulevard.com\u002F2025\u002F11\u002Ftop-cloud-security-challenges-businesses-face-in-2025\u002F",[2265],{"type":35,"value":2266},"Security Boulevard",{"type":29,"tag":85,"props":2268,"children":2269},{},[2270,2272],{"type":35,"value":2271},"AWS Well‑Architected Framework, Security Pillar: Identity and Access Management, 2025. ",{"type":29,"tag":184,"props":2273,"children":2274},{},[2275],{"type":29,"tag":44,"props":2276,"children":2278},{"link":2277},"https:\u002F\u002Fdocs.aws.amazon.com\u002Fwellarchitected\u002F",[2279],{"type":35,"value":16},{"type":29,"tag":85,"props":2281,"children":2282},{},[2283,2285],{"type":35,"value":2284},"Microsoft Azure Belgeleri, “Azure RBAC için en iyi uygulamalar”, 2025. ",{"type":29,"tag":184,"props":2286,"children":2287},{},[2288],{"type":29,"tag":44,"props":2289,"children":2290},{"link":1903},[2291],{"type":35,"value":17},{"type":29,"tag":85,"props":2293,"children":2294},{},[2295,2297],{"type":35,"value":2296},"Google Cloud Belgeleri, “IAM’i güvenli kullanma”, 2025. ",{"type":29,"tag":184,"props":2298,"children":2299},{},[2300],{"type":29,"tag":44,"props":2301,"children":2302},{"link":1921},[2303],{"type":35,"value":18},{"type":29,"tag":85,"props":2305,"children":2306},{},[2307,2309],{"type":35,"value":2308},"Cybersecurity Insiders \u002F Fortinet, “2025 State of Cloud Security Report”, 2025. 
",{"type":29,"tag":184,"props":2310,"children":2311},{},[2312],{"type":29,"tag":44,"props":2313,"children":2315},{"link":2314},"https:\u002F\u002Fwww.cybersecurity-insiders.com\u002Fportfolio\u002F2025-state-of-cloud-security-report-fortinet\u002F",[2316],{"type":35,"value":2317},"Cybersecurity Insiders",{"type":29,"tag":85,"props":2319,"children":2320},{},[2321,2323],{"type":35,"value":2322},"AWS IAM Policy Simulator, ",{"type":29,"tag":184,"props":2324,"children":2325},{},[2326],{"type":29,"tag":44,"props":2327,"children":2328},{"link":1846},[2329],{"type":35,"value":2330},"Simulator",{"type":29,"tag":2332,"props":2333,"children":2334},"style",{},[2335],{"type":35,"value":2336},"html .default .shiki span {color: var(--shiki-default);background: var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: var(--shiki-default-font-weight);text-decoration: var(--shiki-default-text-decoration);}html .shiki span {color: var(--shiki-default);background: var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: var(--shiki-default-font-weight);text-decoration: var(--shiki-default-text-decoration);}html .dark .shiki span {color: var(--shiki-dark);background: var(--shiki-dark-bg);font-style: var(--shiki-dark-font-style);font-weight: var(--shiki-dark-font-weight);text-decoration: var(--shiki-dark-text-decoration);}html.dark .shiki span {color: var(--shiki-dark);background: var(--shiki-dark-bg);font-style: var(--shiki-dark-font-style);font-weight: var(--shiki-dark-font-weight);text-decoration: 
var(--shiki-dark-text-decoration);}",{"title":7,"searchDepth":215,"depth":215,"links":2338},[2339,2340,2341,2342,2348,2349,2352,2353,2354],{"id":32,"depth":197,"text":36},{"id":119,"depth":197,"text":122},{"id":157,"depth":197,"text":160},{"id":278,"depth":197,"text":281,"children":2343},[2344,2345,2346,2347],{"id":307,"depth":206,"text":310},{"id":500,"depth":206,"text":503},{"id":826,"depth":206,"text":829},{"id":1240,"depth":206,"text":1243},{"id":1853,"depth":197,"text":1856},{"id":1985,"depth":197,"text":1988,"children":2350},[2351],{"id":2064,"depth":206,"text":2067},{"id":2146,"depth":197,"text":2149},{"id":2176,"depth":197,"text":2179},{"id":2234,"depth":197,"text":2237},"markdown","content:posts:2026:aws-iam-least-privilege-rehberi.md","content","posts\u002F2026\u002Faws-iam-least-privilege-rehberi.md","posts\u002F2026\u002Faws-iam-least-privilege-rehberi","md","\u002Fposts",[2363,2367],{"_path":2364,"title":2365,"date":2366},"\u002F2026\u002Faws-iam-kimlik-bilgileri-guvenli-yonetimi","AWS IAM Kimlik Bilgileri Nasıl Güvenli Yönetilir?","2026-04-24T19:19:39.000Z",{"_path":2368,"title":2369,"date":2370},"\u002F2026\u002Faws-sts-ve-gecici-kimlik-bilgileri","AWS STS ve Geçici Kimlik Bilgileri: Uzun Vadeli Anahtarlardan Kurtulup Güvenli Rol Geçişine Adım Atın","2026-04-28T08:15:00.000Z",1780419439834]