[{"data":1,"prerenderedAt":1554},["ShallowReactive",2],{"\u002F2026\u002Faws-sts-ve-gecici-kimlik-bilgileri\u002F":3,"surround-\u002F2026\u002Faws-sts-ve-gecici-kimlik-bilgileri":1545},{"_path":4,"_dir":5,"_draft":6,"_partial":6,"_locale":7,"title":8,"description":9,"date":10,"updated":10,"image":11,"categories":12,"tags":14,"draft":6,"readingTime":21,"body":26,"_type":1538,"_id":1539,"_source":1540,"_file":1541,"_stem":1542,"_extension":1543,"_original_dir":1544},"\u002F2026\u002Faws-sts-ve-gecici-kimlik-bilgileri","2026",false,"","AWS STS ve Geçici Kimlik Bilgileri: Uzun Vadeli Anahtarlardan Kurtulup Güvenli Rol Geçişine Adım Atın","Kalıcı AKIA anahtarlarının risklerinden kurtulup, AWS STS (Security Token Service) ile kısa ömürlü ve güvenli ASIA anahtarlarına geçiş rehberi. AssumeRole mimarisi ve güvenlik pratikleri.","2026-04-28T08:15:00.000Z","https:\u002F\u002Fhackpaper-image-server.pages.dev\u002Fimages\u002Fblogs\u002Faws-sts-ve-gecici-kimlik-bilgileri\u002F1.jpg",[13],"Cloud",[15,16,17,18,19,20],"AWS","IAM","STS","Security","Identity","Cloud-Security",{"text":22,"minutes":23,"time":24,"words":25},"7 min read",6.44,386400,1288,{"type":27,"children":28,"toc":1527},"root",[29,38,53,83,151,157,190,195,223,308,314,327,332,425,524,533,549,555,576,736,741,796,802,821,861,880,897,957,962,1028,1083,1119,1125,1130,1307,1313,1332,1338,1363,1379,1419,1435,1441,1521],{"type":30,"tag":31,"props":32,"children":34},"element","h2",{"id":33},"giriş",[35],{"type":36,"value":37},"text","Giriş",{"type":30,"tag":39,"props":40,"children":41},"p",{},[42,44,51],{"type":36,"value":43},"Bir IAM kullanıcısı için üretilen uzun vadeli erişim anahtarı (",{"type":30,"tag":45,"props":46,"children":48},"code",{"className":47},[],[49],{"type":36,"value":50},"AKIA*",{"type":36,"value":52},"), oluşturulduğu andan itibaren siz onu silinceye veya devre dışı bırakıncaya kadar yaşar. 
Kulağa masum geliyor olabilir, ancak bu anahtar yanlışlıkla bir Git reposuna itildiğinde, bir yapılandırma dosyasına gömüldüğünde ya da bir log çıktısında göründüğünde, hesabınıza süresiz bir \"anahtar\" teslim etmiş olursunuz.",{"type":30,"tag":39,"props":54,"children":55},{},[56,58,64,66,73,75,81],{"type":36,"value":57},"IBM'in 2024 Veri Sızıntısı Maliyeti Raporu'na göre, küresel ortalama veri ihlali maliyeti ",{"type":30,"tag":59,"props":60,"children":61},"strong",{},[62],{"type":36,"value":63},"4,88 milyon dolar",{"type":36,"value":65}," ile rekor kırdı ve çalınan veya sızdırılmış kimlik bilgileri en yaygın ilk saldırı vektörü olmaya devam etti (tüm ihlallerin %15'i) (",{"type":30,"tag":67,"props":68,"children":70},"badge",{"link":69},"https:\u002F\u002Fwww.ibm.com\u002Fthink\u002Finsights\u002Fwhats-new-2024-cost-of-a-data-breach-report",[71],{"type":36,"value":72},"IBM",{"type":36,"value":74},", 2024). AWS Security Token Service (STS) ise tam da bu noktada devreye girerek, kalıcı anahtarları yalnızca başlangıç noktası haline getirmenizi ve asıl işleri kısa ömürlü, denetlenebilir oturumlarla yapmanızı sağlar. 
Bu yazıda, bir IAM kullanıcısından başlayıp ",{"type":30,"tag":45,"props":76,"children":78},{"className":77},[],[79],{"type":36,"value":80},"AssumeRole",{"type":36,"value":82}," ile geçici rol kimlik bilgilerine nasıl geçildiğini, bu mimarinin saldırı yüzeyini nasıl daralttığını ve savunma tarafında hangi pratik adımları atmanız gerektiğini ele alacağız.",{"type":30,"tag":84,"props":85,"children":88},"alert",{"type":86,"title":87},"info","Key Takeaways",[89],{"type":30,"tag":90,"props":91,"children":92},"ul",{},[93,118,139],{"type":30,"tag":94,"props":95,"children":96},"li",{},[97,99,105,107,116],{"type":36,"value":98},"Uzun vadeli ",{"type":30,"tag":45,"props":100,"children":102},{"className":101},[],[103],{"type":36,"value":104},"AKIA",{"type":36,"value":106}," anahtarları süresizdir ve sızdığında hesabın tamamen ele geçirilmesine yol açabilir (",{"type":30,"tag":108,"props":109,"children":113},"a",{"href":110,"rel":111},"https:\u002F\u002Fwww.gitguardian.com\u002Fstate-of-secrets-sprawl-report-2024",[112],"nofollow",[114],{"type":36,"value":115},"GitGuardian",{"type":36,"value":117},", 2024).",{"type":30,"tag":94,"props":119,"children":120},{},[121,123,129,131,137],{"type":36,"value":122},"AWS STS ile alınan ",{"type":30,"tag":45,"props":124,"children":126},{"className":125},[],[127],{"type":36,"value":128},"ASIA",{"type":36,"value":130}," anahtarları, oturum belirteci (",{"type":30,"tag":45,"props":132,"children":134},{"className":133},[],[135],{"type":36,"value":136},"SessionToken",{"type":36,"value":138},") ile birlikte kullanılır ve AssumeRole oturumlarında en fazla 12 saat geçerlidir (varsayılan süre 1 saattir).",{"type":30,"tag":94,"props":140,"children":141},{},[142,144,149],{"type":36,"value":143},"Rol geçişi (",{"type":30,"tag":45,"props":145,"children":147},{"className":146},[],[148],{"type":36,"value":80},{"type":36,"value":150},"), en az yetki ilkesini uygulamanın, denetim izlerini netleştirmenin ve anahtar yönetimini merkezileştirmenin 
temelidir.",{"type":30,"tag":31,"props":152,"children":154},{"id":153},"uzun-vadeli-anahtarlar-neden-bu-kadar-tehlikeli",[155],{"type":36,"value":156},"Uzun vadeli anahtarlar neden bu kadar tehlikeli?",{"type":30,"tag":39,"props":158,"children":159},{},[160,162,168,170,175,177,182,184,188],{"type":36,"value":161},"Bir IAM kullanıcısına ait uzun vadeli erişim anahtarı (",{"type":30,"tag":45,"props":163,"children":165},{"className":164},[],[166],{"type":36,"value":167},"AKIA...",{"type":36,"value":169},"), kullanıcıya tanımlanan yetkileri sonsuza kadar taşır. Oysa GitGuardian'ın 2024 yılında yayımladığı \"State of Secrets Sprawl\" raporuna göre, 2023 yılında kamuya açık GitHub repolarında ",{"type":30,"tag":59,"props":171,"children":172},{},[173],{"type":36,"value":174},"12,8 milyon yeni secret",{"type":36,"value":176}," tespit edildi (%28 artış) ve bunların içinde ",{"type":30,"tag":59,"props":178,"children":179},{},[180],{"type":36,"value":181},"140.000'den fazla AWS erişim anahtarı",{"type":36,"value":183}," bulunuyordu (",{"type":30,"tag":67,"props":185,"children":186},{"link":110},[187],{"type":36,"value":115},{"type":36,"value":189},", 2024). Bu anahtar herhangi bir süre sınırı olmadığı için, saldırgan onu ele geçirdiği anda o kullanıcının tüm yetkilerini kullanmaya başlayabilir.",{"type":30,"tag":39,"props":191,"children":192},{},[193],{"type":36,"value":194},"Daha da vahimi, geliştirme ortamında test amacıyla üretilen bir anahtarın, üretim ortamındaki S3 bucket'larını okumak veya DynamoDB tablolarını listelemek gibi hiç beklenmedik yetkilere sahip olmasıdır. Bulut güvenliğinde \"zaman\" en kritik savunma katmanlarından biridir. 
Süresiz anahtarlar bu katmanı tamamen ortadan kaldırır.",{"type":30,"tag":196,"props":197,"children":199},"quote",{"icon":198},"ph:shield-check-duotone",[200],{"type":30,"tag":39,"props":201,"children":202},{},[203,208,210,214,216,221],{"type":30,"tag":59,"props":204,"children":205},{},[206],{"type":36,"value":207},"Atıf Kapsülü:",{"type":36,"value":209}," GitGuardian'ın 2024 raporuna göre 2023'te GitHub'da 12,8 milyon yeni kimlik bilgisi sızıntısı tespit edildi ve bunların içinde 140.000'den fazla AWS uzun vadeli anahtarı bulunuyor (",{"type":30,"tag":67,"props":211,"children":212},{"link":110},[213],{"type":36,"value":115},{"type":36,"value":215},", 2024). Sızan bir ",{"type":30,"tag":45,"props":217,"children":219},{"className":218},[],[220],{"type":36,"value":104},{"type":36,"value":222}," anahtarı, kullanıcıyla aynı yetkilere süresiz erişim sağladığı için, bulut hesaplarında kalıcı bir arka kapıya dönüşür.",{"type":30,"tag":224,"props":225,"children":229},"pre",{"className":226,"code":227,"language":228,"meta":7,"style":7},"language-mermaid shiki shiki-themes catppuccin-latte one-dark-pro","flowchart TD\n    A[AKIA Anahtarı GitHub'da Sızdı] --> B{Saldırgan Keşif Yapar}\n    B -->|IAM: ListUsers, ListRoles| C{Saldırgan Yetki Yükseltme Dener}\n    C -->|STS: AssumeRole| D[Rolü Başarıyla Üstlenir]\n    D --> E[Yüksek Yetkili Oturum Açar]\n    E --> F[Veri Sızıntısı \u002F S3:GetObject]\n    C -->|MFA veya IP Kısıtı Var| G[Erişim Engellenir]\n    G --> H[CloudTrail'e AccessDenied Düşer]\n","mermaid",[230],{"type":30,"tag":45,"props":231,"children":232},{"__ignoreMap":7},[233,245,254,263,272,281,290,299],{"type":30,"tag":234,"props":235,"children":238},"span",{"class":236,"line":237},"line",1,[239],{"type":30,"tag":234,"props":240,"children":242},{"style":241},"--shiki-default:#4C4F69;--shiki-dark:#ABB2BF",[243],{"type":36,"value":244},"flowchart 
TD\n",{"type":30,"tag":234,"props":246,"children":248},{"class":236,"line":247},2,[249],{"type":30,"tag":234,"props":250,"children":251},{"style":241},[252],{"type":36,"value":253},"    A[AKIA Anahtarı GitHub'da Sızdı] --> B{Saldırgan Keşif Yapar}\n",{"type":30,"tag":234,"props":255,"children":257},{"class":236,"line":256},3,[258],{"type":30,"tag":234,"props":259,"children":260},{"style":241},[261],{"type":36,"value":262},"    B -->|IAM: ListUsers, ListRoles| C{Saldırgan Yetki Yükseltme Dener}\n",{"type":30,"tag":234,"props":264,"children":266},{"class":236,"line":265},4,[267],{"type":30,"tag":234,"props":268,"children":269},{"style":241},[270],{"type":36,"value":271},"    C -->|STS: AssumeRole| D[Rolü Başarıyla Üstlenir]\n",{"type":30,"tag":234,"props":273,"children":275},{"class":236,"line":274},5,[276],{"type":30,"tag":234,"props":277,"children":278},{"style":241},[279],{"type":36,"value":280},"    D --> E[Yüksek Yetkili Oturum Açar]\n",{"type":30,"tag":234,"props":282,"children":284},{"class":236,"line":283},6,[285],{"type":30,"tag":234,"props":286,"children":287},{"style":241},[288],{"type":36,"value":289},"    E --> F[Veri Sızıntısı \u002F S3:GetObject]\n",{"type":30,"tag":234,"props":291,"children":293},{"class":236,"line":292},7,[294],{"type":30,"tag":234,"props":295,"children":296},{"style":241},[297],{"type":36,"value":298},"    C -->|MFA veya IP Kısıtı Var| G[Erişim Engellenir]\n",{"type":30,"tag":234,"props":300,"children":302},{"class":236,"line":301},8,[303],{"type":30,"tag":234,"props":304,"children":305},{"style":241},[306],{"type":36,"value":307},"    G --> H[CloudTrail'e AccessDenied Düşer]\n",{"type":30,"tag":31,"props":309,"children":311},{"id":310},"aws-sts-ve-assumerole-geçici-kimliğe-nasıl-geçilir",[312],{"type":36,"value":313},"AWS STS ve AssumeRole: Geçici kimliğe nasıl geçilir?",{"type":30,"tag":39,"props":315,"children":316},{},[317,319,325],{"type":36,"value":318},"AWS STS (Security Token Service), geçici ve sınırlı süreli güvenlik 
bilgileri talep etmenizi sağlayan bir web servisidir. En yaygın kullanımı, güvenilir bir varlığın (örneğin bir IAM kullanıcısının) bir IAM rolünü ",{"type":30,"tag":45,"props":320,"children":322},{"className":321},[],[323],{"type":36,"value":324},"assume-role",{"type":36,"value":326}," çağrısıyla üstlenmesidir.",{"type":30,"tag":39,"props":328,"children":329},{},[330],{"type":36,"value":331},"Süreç tipik olarak şöyle işler:",{"type":30,"tag":90,"props":333,"children":334},{},[335,354,372,384],{"type":30,"tag":94,"props":336,"children":337},{},[338,344,346,352],{"type":30,"tag":45,"props":339,"children":341},{"className":340},[],[342],{"type":36,"value":343},"stajyer",{"type":36,"value":345}," adlı IAM kullanıcısı, ",{"type":30,"tag":45,"props":347,"children":349},{"className":348},[],[350],{"type":36,"value":351},"stajyerler",{"type":36,"value":353}," grubunun bir üyesidir.",{"type":30,"tag":94,"props":355,"children":356},{},[357,362,364,370],{"type":30,"tag":45,"props":358,"children":360},{"className":359},[],[361],{"type":36,"value":351},{"type":36,"value":363}," grubuna, ",{"type":30,"tag":45,"props":365,"children":367},{"className":366},[],[368],{"type":36,"value":369},"uzman",{"type":36,"value":371}," rolünü üstlenme izni veren bir politika tanımlanmıştır.",{"type":30,"tag":94,"props":373,"children":374},{},[375,377,382],{"type":36,"value":376},"Kullanıcı, uzun vadeli ",{"type":30,"tag":45,"props":378,"children":380},{"className":379},[],[381],{"type":36,"value":104},{"type":36,"value":383}," anahtarını kullanarak STS'ye \"bu rolü benim için üstlen\" talebinde bulunur.",{"type":30,"tag":94,"props":385,"children":386},{},[387,389,395,397,402,404,410,412,417,418,423],{"type":36,"value":388},"STS, rolün güven ilişkisini (",{"type":30,"tag":45,"props":390,"children":392},{"className":391},[],[393],{"type":36,"value":394},"trust policy",{"type":36,"value":396},") denetler; izin varsa 
",{"type":30,"tag":59,"props":398,"children":399},{},[400],{"type":36,"value":401},"geçici erişim anahtarı",{"type":36,"value":403}," (",{"type":30,"tag":45,"props":405,"children":407},{"className":406},[],[408],{"type":36,"value":409},"ASIA...",{"type":36,"value":411},"), gizli anahtar ve bir ",{"type":30,"tag":59,"props":413,"children":414},{},[415],{"type":36,"value":416},"oturum belirteci",{"type":36,"value":403},{"type":30,"tag":45,"props":419,"children":421},{"className":420},[],[422],{"type":36,"value":136},{"type":36,"value":424},") döner.",{"type":30,"tag":224,"props":426,"children":428},{"className":226,"code":427,"language":228,"meta":7,"style":7},"sequenceDiagram\n    participant K as Kullanıcı (stajyer)\n    participant STS as AWS STS\n    participant R as IAM Rolü (uzman)\n\n    K->>STS: assume-role (AKIA anahtarı ile)\n    STS->>R: Güven ilişkisini kontrol et\n    R-->>STS: İzin verildi\n    STS-->>K: Geçici ASIA anahtarı + Token + Süre\n    K->>AWS API: ASIA anahtarı ile istek\n    AWS API-->>K: Rol yetkileriyle yanıt\n",[429],{"type":30,"tag":45,"props":430,"children":431},{"__ignoreMap":7},[432,440,448,456,464,473,481,489,497,506,515],{"type":30,"tag":234,"props":433,"children":434},{"class":236,"line":237},[435],{"type":30,"tag":234,"props":436,"children":437},{"style":241},[438],{"type":36,"value":439},"sequenceDiagram\n",{"type":30,"tag":234,"props":441,"children":442},{"class":236,"line":247},[443],{"type":30,"tag":234,"props":444,"children":445},{"style":241},[446],{"type":36,"value":447},"    participant K as Kullanıcı (stajyer)\n",{"type":30,"tag":234,"props":449,"children":450},{"class":236,"line":256},[451],{"type":30,"tag":234,"props":452,"children":453},{"style":241},[454],{"type":36,"value":455},"    participant STS as AWS STS\n",{"type":30,"tag":234,"props":457,"children":458},{"class":236,"line":265},[459],{"type":30,"tag":234,"props":460,"children":461},{"style":241},[462],{"type":36,"value":463},"    participant R as IAM Rolü 
(uzman)\n",{"type":30,"tag":234,"props":465,"children":466},{"class":236,"line":274},[467],{"type":30,"tag":234,"props":468,"children":470},{"emptyLinePlaceholder":469},true,[471],{"type":36,"value":472},"\n",{"type":30,"tag":234,"props":474,"children":475},{"class":236,"line":283},[476],{"type":30,"tag":234,"props":477,"children":478},{"style":241},[479],{"type":36,"value":480},"    K->>STS: assume-role (AKIA anahtarı ile)\n",{"type":30,"tag":234,"props":482,"children":483},{"class":236,"line":292},[484],{"type":30,"tag":234,"props":485,"children":486},{"style":241},[487],{"type":36,"value":488},"    STS->>R: Güven ilişkisini kontrol et\n",{"type":30,"tag":234,"props":490,"children":491},{"class":236,"line":301},[492],{"type":30,"tag":234,"props":493,"children":494},{"style":241},[495],{"type":36,"value":496},"    R-->>STS: İzin verildi\n",{"type":30,"tag":234,"props":498,"children":500},{"class":236,"line":499},9,[501],{"type":30,"tag":234,"props":502,"children":503},{"style":241},[504],{"type":36,"value":505},"    STS-->>K: Geçici ASIA anahtarı + Token + Süre\n",{"type":30,"tag":234,"props":507,"children":509},{"class":236,"line":508},10,[510],{"type":30,"tag":234,"props":511,"children":512},{"style":241},[513],{"type":36,"value":514},"    K->>AWS API: ASIA anahtarı ile istek\n",{"type":30,"tag":234,"props":516,"children":518},{"class":236,"line":517},11,[519],{"type":30,"tag":234,"props":520,"children":521},{"style":241},[522],{"type":36,"value":523},"    AWS API-->>K: Rol yetkileriyle yanıt\n",{"type":30,"tag":84,"props":525,"children":527},{"type":86,"title":526},"Eşsiz Öngörü",[528],{"type":30,"tag":39,"props":529,"children":530},{},[531],{"type":36,"value":532},"Pek çok bulut güvenlik eğitimi, STS'i yalnızca \"yardımcı bir servis\" gibi tanıtır. 
Oysa STS, modern bulut güvenlik mimarisinin bel kemiğidir; zira her API isteğinin kısa ömürlü bir kimlikle yapılmasını zorunlu kılarak, saldırı yüzeyini geçici ve daraltılabilir hale getirir.",{"type":30,"tag":84,"props":534,"children":536},{"type":86,"title":535},"Saha Gözlemi",[537],{"type":30,"tag":39,"props":538,"children":539},{},[540,542,547],{"type":36,"value":541},"Yapılan pek çok bulut güvenlik denetimi, üretim ortamında kullanılmayan ancak ",{"type":30,"tag":45,"props":543,"children":545},{"className":544},[],[546],{"type":36,"value":80},{"type":36,"value":548}," izni açık bırakılmış IAM kullanıcılarının ciddi bir risk oluşturduğunu gösteriyor. Geçici ihtiyaçlar için oluşturulup unutulan bu kullanıcılar, saldırganlar için kritik birer \"arka kapı\" haline gelebiliyor.",{"type":30,"tag":31,"props":550,"children":552},{"id":551},"kimlik-prefixleri-cloudtrailde-olay-incelemeyi-hızlandıran-ipuçları",[553],{"type":36,"value":554},"Kimlik prefix'leri: CloudTrail'de olay incelemeyi hızlandıran ipuçları",{"type":30,"tag":39,"props":556,"children":557},{},[558,560,566,568,574],{"type":36,"value":559},"AWS, her kaynak türünü belirli bir kimlik ön eki (prefix) ile işaretler. 
Bir güvenlik olayı anında CloudTrail loglarına baktığınızda, ",{"type":30,"tag":45,"props":561,"children":563},{"className":562},[],[564],{"type":36,"value":565},"UserId",{"type":36,"value":567}," veya ",{"type":30,"tag":45,"props":569,"children":571},{"className":570},[],[572],{"type":36,"value":573},"AccessKeyId",{"type":36,"value":575}," alanında gördüğünüz bu prefix'ler, olayın kaynağını saniyeler içinde anlamanızı sağlar.",{"type":30,"tag":577,"props":578,"children":579},"table",{},[580,604],{"type":30,"tag":581,"props":582,"children":583},"thead",{},[584],{"type":30,"tag":585,"props":586,"children":587},"tr",{},[588,594,599],{"type":30,"tag":589,"props":590,"children":591},"th",{},[592],{"type":36,"value":593},"Prefix",{"type":30,"tag":589,"props":595,"children":596},{},[597],{"type":36,"value":598},"Kaynak Türü",{"type":30,"tag":589,"props":600,"children":601},{},[602],{"type":36,"value":603},"Açıklama",{"type":30,"tag":605,"props":606,"children":607},"tbody",{},[608,635,655,682,709],{"type":30,"tag":585,"props":609,"children":610},{},[611,620,625],{"type":30,"tag":612,"props":613,"children":614},"td",{},[615],{"type":30,"tag":59,"props":616,"children":617},{},[618],{"type":36,"value":619},"AIDA",{"type":30,"tag":612,"props":621,"children":622},{},[623],{"type":36,"value":624},"IAM Kullanıcı (User)",{"type":30,"tag":612,"props":626,"children":627},{},[628,633],{"type":30,"tag":45,"props":629,"children":631},{"className":630},[],[632],{"type":36,"value":565},{"type":36,"value":634}," alanında görülür.",{"type":30,"tag":585,"props":636,"children":637},{},[638,645,650],{"type":30,"tag":612,"props":639,"children":640},{},[641],{"type":30,"tag":59,"props":642,"children":643},{},[644],{"type":36,"value":104},{"type":30,"tag":612,"props":646,"children":647},{},[648],{"type":36,"value":649},"Uzun vadeli erişim anahtarı",{"type":30,"tag":612,"props":651,"children":652},{},[653],{"type":36,"value":654},"Süresiz, yüksek 
risk.",{"type":30,"tag":585,"props":656,"children":657},{},[658,665,670],{"type":30,"tag":612,"props":659,"children":660},{},[661],{"type":30,"tag":59,"props":662,"children":663},{},[664],{"type":36,"value":128},{"type":30,"tag":612,"props":666,"children":667},{},[668],{"type":36,"value":669},"Geçici erişim anahtarı (STS)",{"type":30,"tag":612,"props":671,"children":672},{},[673,675,680],{"type":36,"value":674},"Mutlaka ",{"type":30,"tag":45,"props":676,"children":678},{"className":677},[],[679],{"type":36,"value":136},{"type":36,"value":681}," ile gelir.",{"type":30,"tag":585,"props":683,"children":684},{},[685,693,698],{"type":30,"tag":612,"props":686,"children":687},{},[688],{"type":30,"tag":59,"props":689,"children":690},{},[691],{"type":36,"value":692},"AROA",{"type":30,"tag":612,"props":694,"children":695},{},[696],{"type":36,"value":697},"IAM Rolü",{"type":30,"tag":612,"props":699,"children":700},{},[701,707],{"type":30,"tag":45,"props":702,"children":704},{"className":703},[],[705],{"type":36,"value":706},"AssumedRoleId",{"type":36,"value":708}," içinde yer alır.",{"type":30,"tag":585,"props":710,"children":711},{},[712,720,725],{"type":30,"tag":612,"props":713,"children":714},{},[715],{"type":30,"tag":59,"props":716,"children":717},{},[718],{"type":36,"value":719},"AGPA",{"type":30,"tag":612,"props":721,"children":722},{},[723],{"type":36,"value":724},"IAM Grubu",{"type":30,"tag":612,"props":726,"children":727},{},[728,734],{"type":30,"tag":45,"props":729,"children":731},{"className":730},[],[732],{"type":36,"value":733},"GroupId",{"type":36,"value":735}," için kullanılır.",{"type":30,"tag":39,"props":737,"children":738},{},[739],{"type":36,"value":740},"Aşağıdaki karar ağacı, bir olay anında hızlı sınıflandırma yapmanıza yardımcı olur:",{"type":30,"tag":224,"props":742,"children":744},{"className":226,"code":743,"language":228,"meta":7,"style":7},"graph TD\n    E[Erişim anahtarı prefix'i] -->|AKIA| U[Uzun vadeli kullanıcı anahtarı\u003Cbr\u002F>Risk: 
Süresiz erişim]\n    E -->|ASIA| G[Geçici STS anahtarı\u003Cbr\u002F>SessionToken ile birlikte kontrol et]\n    G --> T[Süresi doldu mu?]\n    T -->|Evet| X[Zaman aşımı, düşük risk\u003Cbr\u002F>Oturum içindeki işlemleri yine de incele]\n    T -->|Hayır| Y[Aktif oturum, detaylı incele]\n",[745],{"type":30,"tag":45,"props":746,"children":747},{"__ignoreMap":7},[748,756,764,772,780,788],{"type":30,"tag":234,"props":749,"children":750},{"class":236,"line":237},[751],{"type":30,"tag":234,"props":752,"children":753},{"style":241},[754],{"type":36,"value":755},"graph TD\n",{"type":30,"tag":234,"props":757,"children":758},{"class":236,"line":247},[759],{"type":30,"tag":234,"props":760,"children":761},{"style":241},[762],{"type":36,"value":763},"    E[Erişim anahtarı prefix'i] -->|AKIA| U[Uzun vadeli kullanıcı anahtarı\u003Cbr\u002F>Risk: Süresiz erişim]\n",{"type":30,"tag":234,"props":765,"children":766},{"class":236,"line":256},[767],{"type":30,"tag":234,"props":768,"children":769},{"style":241},[770],{"type":36,"value":771},"    E -->|ASIA| G[Geçici STS anahtarı\u003Cbr\u002F>SessionToken ile birlikte kontrol et]\n",{"type":30,"tag":234,"props":773,"children":774},{"class":236,"line":265},[775],{"type":30,"tag":234,"props":776,"children":777},{"style":241},[778],{"type":36,"value":779},"    G --> T[Süresi doldu mu?]\n",{"type":30,"tag":234,"props":781,"children":782},{"class":236,"line":274},[783],{"type":30,"tag":234,"props":784,"children":785},{"style":241},[786],{"type":36,"value":787},"    T -->|Evet| X[Zaman aşımı, düşük risk\u003Cbr\u002F>Oturum içindeki işlemleri yine de incele]\n",{"type":30,"tag":234,"props":789,"children":790},{"class":236,"line":283},[791],{"type":30,"tag":234,"props":792,"children":793},{"style":241},[794],{"type":36,"value":795},"    T -->|Hayır| Y[Aktif oturum, detaylı incele]\n",{"type":30,"tag":31,"props":797,"children":799},{"id":798},"saldırı-yüzeyi-ve-tehdit-modeli",[800],{"type":36,"value":801},"Saldırı yüzeyi ve tehdit modeli",{"type":30,"tag":39,"props":803,"children":804},{},[805,807,812,814,819],{"type":36,"value":806},"Senaryoyu 
saldırgan perspektifinden kurgulayalım. Bir geliştirici, ",{"type":30,"tag":45,"props":808,"children":810},{"className":809},[],[811],{"type":36,"value":343},{"type":36,"value":813}," kullanıcısına ait ",{"type":30,"tag":45,"props":815,"children":817},{"className":816},[],[818],{"type":36,"value":167},{"type":36,"value":820}," anahtarını yanlışlıkla bir GitHub reposuna itti. Saldırgan bu anahtarı tarayıcılarla bulup kendi ortamına alır. İlk iş olarak kimliğini doğrular:",{"type":30,"tag":224,"props":822,"children":826},{"className":823,"code":824,"language":825,"meta":7,"style":7},"language-bash shiki shiki-themes catppuccin-latte one-dark-pro","aws sts get-caller-identity --profile stolen\n","bash",[827],{"type":30,"tag":45,"props":828,"children":829},{"__ignoreMap":7},[830],{"type":30,"tag":234,"props":831,"children":832},{"class":236,"line":237},[833,839,845,850,856],{"type":30,"tag":234,"props":834,"children":836},{"style":835},"--shiki-default:#1E66F5;--shiki-default-font-style:italic;--shiki-dark:#61AFEF;--shiki-dark-font-style:inherit",[837],{"type":36,"value":838},"aws",{"type":30,"tag":234,"props":840,"children":842},{"style":841},"--shiki-default:#40A02B;--shiki-dark:#98C379",[843],{"type":36,"value":844}," sts",{"type":30,"tag":234,"props":846,"children":847},{"style":841},[848],{"type":36,"value":849}," get-caller-identity",{"type":30,"tag":234,"props":851,"children":853},{"style":852},"--shiki-default:#40A02B;--shiki-dark:#D19A66",[854],{"type":36,"value":855}," --profile",{"type":30,"tag":234,"props":857,"children":858},{"style":841},[859],{"type":36,"value":860}," stolen\n",{"type":30,"tag":39,"props":862,"children":863},{},[864,866,871,873,878],{"type":36,"value":865},"Dönen ARN’den yetkili bir IAM kullanıcısı olduğunu gören saldırgan, hangi rolleri üstlenebileceğini anlamak için IAM'i yoklar. 
Eğer ",{"type":30,"tag":45,"props":867,"children":869},{"className":868},[],[870],{"type":36,"value":351},{"type":36,"value":872}," grubu ",{"type":30,"tag":45,"props":874,"children":876},{"className":875},[],[877],{"type":36,"value":369},{"type":36,"value":879}," rolünü üstlenme iznine sahipse ve güven ilişkisinde MFA gibi ek bir koşul yoksa, saldırgan aşağıdaki çağrı ile yüksek yetkili bir oturum açar:",{"type":30,"tag":84,"props":881,"children":883},{"type":882},"warning",[884],{"type":30,"tag":39,"props":885,"children":886},{},[887,889,895],{"type":36,"value":888},"Komut içindeki ",{"type":30,"tag":45,"props":890,"children":892},{"className":891},[],[893],{"type":36,"value":894},"123456789012",{"type":36,"value":896}," yerine kendi AWS hesap ID'nizi yazmayı unutmayın.",{"type":30,"tag":224,"props":898,"children":901},{"className":823,"code":899,"filename":900,"language":825,"meta":7,"style":7},"aws sts assume-role \\\n  --role-arn arn:aws:iam::123456789012:role\u002Fuzman \\\n  --role-session-name malicious\n","AssumeRole.sh",[902],{"type":30,"tag":45,"props":903,"children":904},{"__ignoreMap":7},[905,927,944],{"type":30,"tag":234,"props":906,"children":907},{"class":236,"line":237},[908,912,916,921],{"type":30,"tag":234,"props":909,"children":910},{"style":835},[911],{"type":36,"value":838},{"type":30,"tag":234,"props":913,"children":914},{"style":841},[915],{"type":36,"value":844},{"type":30,"tag":234,"props":917,"children":918},{"style":841},[919],{"type":36,"value":920}," assume-role",{"type":30,"tag":234,"props":922,"children":924},{"style":923},"--shiki-default:#EA76CB;--shiki-dark:#56B6C2",[925],{"type":36,"value":926}," \\\n",{"type":30,"tag":234,"props":928,"children":929},{"class":236,"line":247},[930,935,940],{"type":30,"tag":234,"props":931,"children":932},{"style":852},[933],{"type":36,"value":934},"  --role-arn",{"type":30,"tag":234,"props":936,"children":937},{"style":841},[938],{"type":36,"value":939}," 
arn:aws:iam::123456789012:role\u002Fuzman",{"type":30,"tag":234,"props":941,"children":942},{"style":923},[943],{"type":36,"value":926},{"type":30,"tag":234,"props":945,"children":946},{"class":236,"line":256},[947,952],{"type":30,"tag":234,"props":948,"children":949},{"style":852},[950],{"type":36,"value":951},"  --role-session-name",{"type":30,"tag":234,"props":953,"children":954},{"style":841},[955],{"type":36,"value":956}," malicious\n",{"type":30,"tag":39,"props":958,"children":959},{},[960],{"type":36,"value":961},"CloudTrail'de bu olay şu izleri bırakır:",{"type":30,"tag":90,"props":963,"children":964},{},[965,982,997,1012],{"type":30,"tag":94,"props":966,"children":967},{},[968,974,976],{"type":30,"tag":45,"props":969,"children":971},{"className":970},[],[972],{"type":36,"value":973},"userIdentity.arn",{"type":36,"value":975},": ",{"type":30,"tag":45,"props":977,"children":979},{"className":978},[],[980],{"type":36,"value":981},"arn:aws:iam::123456789012:user\u002Fstajyer",{"type":30,"tag":94,"props":983,"children":984},{},[985,991,992],{"type":30,"tag":45,"props":986,"children":988},{"className":987},[],[989],{"type":36,"value":990},"eventName",{"type":36,"value":975},{"type":30,"tag":45,"props":993,"children":995},{"className":994},[],[996],{"type":36,"value":80},{"type":30,"tag":94,"props":998,"children":999},{},[1000,1006,1007],{"type":30,"tag":45,"props":1001,"children":1003},{"className":1002},[],[1004],{"type":36,"value":1005},"responseElements.credentials.accessKeyId",{"type":36,"value":975},{"type":30,"tag":45,"props":1008,"children":1010},{"className":1009},[],[1011],{"type":36,"value":409},{"type":30,"tag":94,"props":1013,"children":1014},{},[1015,1021,1022],{"type":30,"tag":45,"props":1016,"children":1018},{"className":1017},[],[1019],{"type":36,"value":1020},"responseElements.assumedRoleUser.arn",{"type":36,"value":975},{"type":30,"tag":45,"props":1023,"children":1025},{"className":1024},[],[1026],{"type":36,"value":1027},"arn:aws:sts::123456789012:assumed-role\
u002Fuzman\u002Fmalicious",{"type":30,"tag":224,"props":1029,"children":1031},{"className":226,"code":1030,"language":228,"meta":7,"style":7},"flowchart LR\n    A[AKIA anahtarı sızdı] --> B{AssumeRole izni var mı?}\n    B -->|Evet, MFA yok| C[Rolü üstlen, ASIA al]\n    C --> D[Yüksek yetkili işlemler yap]\n    B -->|Evet, MFA var| E[Ek faktör gerekli, durduruldu]\n    B -->|Hayır| F[Hedef değiştir veya başka yol dene]\n",[1032],{"type":30,"tag":45,"props":1033,"children":1034},{"__ignoreMap":7},[1035,1043,1051,1059,1067,1075],{"type":30,"tag":234,"props":1036,"children":1037},{"class":236,"line":237},[1038],{"type":30,"tag":234,"props":1039,"children":1040},{"style":241},[1041],{"type":36,"value":1042},"flowchart LR\n",{"type":30,"tag":234,"props":1044,"children":1045},{"class":236,"line":247},[1046],{"type":30,"tag":234,"props":1047,"children":1048},{"style":241},[1049],{"type":36,"value":1050},"    A[AKIA anahtarı sızdı] --> B{AssumeRole izni var mı?}\n",{"type":30,"tag":234,"props":1052,"children":1053},{"class":236,"line":256},[1054],{"type":30,"tag":234,"props":1055,"children":1056},{"style":241},[1057],{"type":36,"value":1058},"    B -->|Evet, MFA yok| C[Rolü üstlen, ASIA al]\n",{"type":30,"tag":234,"props":1060,"children":1061},{"class":236,"line":265},[1062],{"type":30,"tag":234,"props":1063,"children":1064},{"style":241},[1065],{"type":36,"value":1066},"    C --> D[Yüksek yetkili işlemler yap]\n",{"type":30,"tag":234,"props":1068,"children":1069},{"class":236,"line":274},[1070],{"type":30,"tag":234,"props":1071,"children":1072},{"style":241},[1073],{"type":36,"value":1074},"    B -->|Evet, MFA var| E[Ek faktör gerekli, durduruldu]\n",{"type":30,"tag":234,"props":1076,"children":1077},{"class":236,"line":283},[1078],{"type":30,"tag":234,"props":1079,"children":1080},{"style":241},[1081],{"type":36,"value":1082},"    B -->|Hayır| F[Hedef değiştir veya başka yol 
dene]\n",{"type":30,"tag":196,"props":1084,"children":1086},{"icon":1085},"ph:info-duotone",[1087],{"type":30,"tag":39,"props":1088,"children":1089},{},[1090,1094,1096,1102,1104,1110,1112,1117],{"type":30,"tag":59,"props":1091,"children":1092},{},[1093],{"type":36,"value":207},{"type":36,"value":1095}," AWS'nin kendi güvenlik rehberlerinde de belirttiği gibi, rol güven politikasında ",{"type":30,"tag":45,"props":1097,"children":1099},{"className":1098},[],[1100],{"type":36,"value":1101},"\"aws:MultiFactorAuthPresent\": \"true\"",{"type":36,"value":1103}," koşulu ve ",{"type":30,"tag":45,"props":1105,"children":1107},{"className":1106},[],[1108],{"type":36,"value":1109},"sts:ExternalId",{"type":36,"value":1111}," kullanımı, en kritik iki savunma katmanıdır (",{"type":30,"tag":67,"props":1113,"children":1115},{"link":1114},"https:\u002F\u002Fdocs.aws.amazon.com\u002FIAM\u002Flatest\u002FUserGuide\u002Fid_credentials_temp.html",[1116],{"type":36,"value":15},{"type":36,"value":1118},", 2024). 
Bu kontrollerden MFA koşulu, sızan bir anahtarın doğrudan rol üstlenmesini engelleyerek saldırganın işini katlanarak zorlaştırır; ExternalId ise AWS tarafından gizli bir değer olarak ele alınmaz ve esas olarak çapraz hesap erişimindeki confused deputy sorununa karşı koruma sağlar.",{"type":30,"tag":31,"props":1120,"children":1122},{"id":1121},"en-iyi-güvenlik-pratikleri",[1123],{"type":36,"value":1124},"En iyi güvenlik pratikleri",{"type":30,"tag":39,"props":1126,"children":1127},{},[1128],{"type":36,"value":1129},"Artık teorik ve pratik akışı gördüğümüze göre, uygulayabileceğiniz somut, savunmacı ve eyleme dönük adımları sıralayalım:",{"type":30,"tag":1131,"props":1132,"children":1133},"card-list",{},[1134,1273],{"type":30,"tag":90,"props":1135,"children":1136},{},[1137,1175,1200,1217,1235,1245,1263],{"type":30,"tag":94,"props":1138,"children":1139},{},[1140,1145,1147,1152,1154,1159,1161,1166,1168,1173],{"type":30,"tag":59,"props":1141,"children":1142},{},[1143],{"type":36,"value":1144},"Uzun vadeli anahtarı yalnızca başlangıç noktası yapın.",{"type":36,"value":1146}," ",{"type":30,"tag":45,"props":1148,"children":1150},{"className":1149},[],[1151],{"type":36,"value":104},{"type":36,"value":1153}," anahtarınız sadece ",{"type":30,"tag":45,"props":1155,"children":1157},{"className":1156},[],[1158],{"type":36,"value":324},{"type":36,"value":1160}," çağrısı için kullanılmalı; sonraki tüm işlemler dönen ",{"type":30,"tag":45,"props":1162,"children":1164},{"className":1163},[],[1165],{"type":36,"value":128},{"type":36,"value":1167}," anahtarı ve ",{"type":30,"tag":45,"props":1169,"children":1171},{"className":1170},[],[1172],{"type":36,"value":136},{"type":36,"value":1174}," ile gerçekleştirilmelidir.",{"type":30,"tag":94,"props":1176,"children":1177},{},[1178,1183,1185,1191,1193],{"type":30,"tag":59,"props":1179,"children":1180},{},[1181],{"type":36,"value":1182},"Rol güven ilişkisinde MFA'yı zorunlu kılın.",{"type":36,"value":1184}," Trust policy içerisine ",{"type":30,"tag":45,"props":1186,"children":1188},{"className":1187},[],[1189],{"type":36,"value":1190},"\"Bool\": {\"aws:MultiFactorAuthPresent\": 
\"true\"}",{"type":36,"value":1192}," koşulunu ekleyin. ",{"type":30,"tag":1194,"props":1195,"children":1197},"tip",{"tip":1196},"Bazı senaryolarda MFA bilgisi istekle birlikte gelmeyebilir, BoolIfExists bu durumda politikanın hata vermesini engeller.",[1198],{"type":36,"value":1199},"Daha esnek bir denetim için BoolIfExists operatörü de değerlendirilebilir.",{"type":30,"tag":94,"props":1201,"children":1202},{},[1203,1208,1209,1215],{"type":30,"tag":59,"props":1204,"children":1205},{},[1206],{"type":36,"value":1207},"Oturum süresini iş için yeterli en kısa değere ayarlayın.",{"type":36,"value":1146},{"type":30,"tag":45,"props":1210,"children":1212},{"className":1211},[],[1213],{"type":36,"value":1214},"--duration-seconds",{"type":36,"value":1216}," ile istek başına süre sınırı koyun. Gereksiz uzun oturumlar riski artırır.",{"type":30,"tag":94,"props":1218,"children":1219},{},[1220,1225,1227,1233],{"type":30,"tag":59,"props":1221,"children":1222},{},[1223],{"type":36,"value":1224},"Çapraz hesap erişimlerinde ExternalId'yi zorunlu tutun.",{"type":36,"value":1226}," Üçüncü parti araçlar sizin hesabınıza erişirken, karşı tarafın bilmesi gereken rastgele bir ",{"type":30,"tag":45,"props":1228,"children":1230},{"className":1229},[],[1231],{"type":36,"value":1232},"ExternalId",{"type":36,"value":1234}," tanımlayın.",{"type":30,"tag":94,"props":1236,"children":1237},{},[1238,1243],{"type":30,"tag":59,"props":1239,"children":1240},{},[1241],{"type":36,"value":1242},"Erişim anahtarlarını otomatik rotasyona alın.",{"type":36,"value":1244}," AWS Config kuralları ve IAM Access Analyzer ile uzun süre kullanılmayan anahtarları tespit edin.",{"type":30,"tag":94,"props":1246,"children":1247},{},[1248,1253,1255,1261],{"type":30,"tag":59,"props":1249,"children":1250},{},[1251],{"type":36,"value":1252},"CloudTrail'de AssumeRole olaylarını sürekli izleyin.",{"type":36,"value":1254}," Beklenmedik 
",{"type":30,"tag":45,"props":1256,"children":1258},{"className":1257},[],[1259],{"type":36,"value":1260},"roleSessionName",{"type":36,"value":1262}," değerleri için anomali kuralları oluşturun.",{"type":30,"tag":94,"props":1264,"children":1265},{},[1266,1271],{"type":30,"tag":59,"props":1267,"children":1268},{},[1269],{"type":36,"value":1270},"Rol yetkilerini en az yetki ilkesine göre sınırlayın.",{"type":36,"value":1272}," Rolün permission policy'sini sadece ihtiyaç duyulan kaynaklara ve eylemlere izin verecek şekilde sıkılaştırın.",{"type":30,"tag":90,"props":1274,"children":1275},{},[1276],{"type":30,"tag":94,"props":1277,"children":1278},{},[1279,1284,1286,1291,1293,1298,1300,1305],{"type":30,"tag":59,"props":1280,"children":1281},{},[1282],{"type":36,"value":1283},"Mümkünse uzun vadeli anahtarı tamamen ortadan kaldırın.",{"type":36,"value":1285}," AWS IAM Identity Center veya Instance Profile kullanarak, kullanıcılar ve uygulamalar için hiç uzun vadeli anahtar üretmeden çalışabilirsiniz. GCP'de bu kavramın karşılığı ",{"type":30,"tag":59,"props":1287,"children":1288},{},[1289],{"type":36,"value":1290},"Service Account impersonation",{"type":36,"value":1292}," ve ",{"type":30,"tag":59,"props":1294,"children":1295},{},[1296],{"type":36,"value":1297},"Workload Identity",{"type":36,"value":1299},"'dir; Azure'da ise ",{"type":30,"tag":59,"props":1301,"children":1302},{},[1303],{"type":36,"value":1304},"Managed Identity",{"type":36,"value":1306}," olarak karşımıza çıkar. 
Her platformun ortak hedefi, sabit anahtarların oluşturduğu statik riski ortadan kaldırmaktır.",{"type":30,"tag":31,"props":1308,"children":1310},{"id":1309},"sonuç",[1311],{"type":36,"value":1312},"Sonuç",{"type":30,"tag":39,"props":1314,"children":1315},{},[1316,1318,1323,1325,1330],{"type":36,"value":1317},"AWS STS ve ",{"type":30,"tag":45,"props":1319,"children":1321},{"className":1320},[],[1322],{"type":36,"value":80},{"type":36,"value":1324}," mekanizması, bulut güvenliğinde \"kısa vadeli düşün\" prensibinin en güçlü uygulamalarından biridir. Uzun vadeli anahtarların taşıdığı süresiz riski, geçici ve sıkı denetlenebilir oturumlarla ikame eder. Ancak bu yapının gerçek anlamda güvenli olması, rol güven politikalarına eklenen MFA zorunluluğuna, ",{"type":30,"tag":45,"props":1326,"children":1328},{"className":1327},[],[1329],{"type":36,"value":1232},{"type":36,"value":1331}," kullanımına, kısa oturum sürelerine ve rolün kendi yetkilerinin de en aza indirilmesine bağlıdır.",{"type":30,"tag":31,"props":1333,"children":1335},{"id":1334},"sıkça-sorulan-sorular",[1336],{"type":36,"value":1337},"Sıkça sorulan sorular",{"type":30,"tag":1339,"props":1340,"children":1342},"folding",{"title":1341},"STS ile alınan ASIA anahtarını ne kadar süre kullanabilirim?",[1343],{"type":30,"tag":39,"props":1344,"children":1345},{},[1346,1348,1353,1355,1361],{"type":36,"value":1347},"AWS STS, ",{"type":30,"tag":45,"props":1349,"children":1351},{"className":1350},[],[1352],{"type":36,"value":324},{"type":36,"value":1354}," çağrısı başına minimum 900 saniye (15 dakika) ile maksimum rol ",{"type":30,"tag":45,"props":1356,"children":1358},{"className":1357},[],[1359],{"type":36,"value":1360},"MaxSessionDuration",{"type":36,"value":1362}," değeri (12 saate kadar) arasında oturum süresi talep etmenize izin verir. Varsayılan değer genellikle 1 saattir. 
Güvenlik açısından işleminiz için yeterli olan en kısa süreyi talep etmelisiniz.",{"type":30,"tag":1339,"props":1364,"children":1366},{"title":1365},"SessionToken olmadan ASIA anahtarı çalışır mı?",[1367],{"type":30,"tag":39,"props":1368,"children":1369},{},[1370,1372,1377],{"type":36,"value":1371},"Hayır, çalışmaz. STS'den dönen ",{"type":30,"tag":45,"props":1373,"children":1375},{"className":1374},[],[1376],{"type":36,"value":136},{"type":36,"value":1378},", isteğin geçici oturuma ait olduğunu doğrulamak için güvenlik belirteci olarak kullanılır. Eksik olduğunda, AWS API'leri isteğinizi otomatik olarak reddeder.",{"type":30,"tag":1339,"props":1380,"children":1382},{"title":1381},"Role üstlenme olaylarını CloudTrail'de nasıl bulurum?",[1383],{"type":30,"tag":39,"props":1384,"children":1385},{},[1386,1388,1394,1396,1401,1403,1409,1411,1417],{"type":36,"value":1387},"CloudTrail Event History içinde ",{"type":30,"tag":45,"props":1389,"children":1391},{"className":1390},[],[1392],{"type":36,"value":1393},"EventName = \"AssumeRole\"",{"type":36,"value":1395}," filtresiyle arama yapabilirsiniz. AWS CloudTrail, hesap başına son 90 günün olay geçmişini ücretsiz olarak saklar; ",{"type":30,"tag":45,"props":1397,"children":1399},{"className":1398},[],[1400],{"type":36,"value":80},{"type":36,"value":1402}," olayları bu süre içinde sorgulanabilir. Dönen kayıtlarda ",{"type":30,"tag":45,"props":1404,"children":1406},{"className":1405},[],[1407],{"type":36,"value":1408},"ASIA*",{"type":36,"value":1410}," anahtarları ve ",{"type":30,"tag":45,"props":1412,"children":1414},{"className":1413},[],[1415],{"type":36,"value":1416},"assumedRoleUser",{"type":36,"value":1418}," bilgileri yer alır.",{"type":30,"tag":1339,"props":1420,"children":1422},{"title":1421},"Uzun vadeli anahtar kullanımını tamamen sıfırlayabilir miyim?",[1423],{"type":30,"tag":39,"props":1424,"children":1425},{},[1426,1428,1433],{"type":36,"value":1427},"Evet. 
AWS IAM Identity Center veya EC2 Instance Profile’lar kullanarak, kullanıcılar ve uygulamalar için hiç uzun vadeli ",{"type":30,"tag":45,"props":1429,"children":1431},{"className":1430},[],[1432],{"type":36,"value":104},{"type":36,"value":1434}," anahtarı üretmeden, yalnızca geçici kimliklerle çalışan bir ortam kurabilirsiniz.",{"type":30,"tag":31,"props":1436,"children":1438},{"id":1437},"kaynakça-ve-ek-okuma",[1439],{"type":36,"value":1440},"Kaynakça ve ek okuma",{"type":30,"tag":90,"props":1442,"children":1443},{},[1444,1456,1469,1481,1495,1507],{"type":30,"tag":94,"props":1445,"children":1446},{},[1447,1449],{"type":36,"value":1448},"AWS Documentation, “Temporary security credentials in IAM” - ",{"type":30,"tag":234,"props":1450,"children":1451},{},[1452],{"type":30,"tag":67,"props":1453,"children":1454},{"link":1114},[1455],{"type":36,"value":15},{"type":30,"tag":94,"props":1457,"children":1458},{},[1459,1461],{"type":36,"value":1460},"AWS Documentation, “Using IAM roles” - ",{"type":30,"tag":234,"props":1462,"children":1463},{},[1464],{"type":30,"tag":67,"props":1465,"children":1467},{"link":1466},"https:\u002F\u002Fdocs.aws.amazon.com\u002FIAM\u002Flatest\u002FUserGuide\u002Fid_roles_use.html",[1468],{"type":36,"value":15},{"type":30,"tag":94,"props":1470,"children":1471},{},[1472,1474],{"type":36,"value":1473},"GitGuardian, “2024 State of Secrets Sprawl Report” - ",{"type":30,"tag":234,"props":1475,"children":1476},{},[1477],{"type":30,"tag":67,"props":1478,"children":1479},{"link":110},[1480],{"type":36,"value":115},{"type":30,"tag":94,"props":1482,"children":1483},{},[1484,1486],{"type":36,"value":1485},"Unit 42, “Cloud Threat Report: Expanding Attack Surface” - ",{"type":30,"tag":234,"props":1487,"children":1488},{},[1489],{"type":30,"tag":67,"props":1490,"children":1492},{"link":1491},"https:\u002F\u002Funit42.paloaltonetworks.com\u002Fcloud-threat-report-expanding-attack-surface\u002F",[1493],{"type":36,"value":1494},"Unit 
42",{"type":30,"tag":94,"props":1496,"children":1497},{},[1498,1500],{"type":36,"value":1499},"IBM, “2024 Cost of a Data Breach Report” - ",{"type":30,"tag":234,"props":1501,"children":1502},{},[1503],{"type":30,"tag":67,"props":1504,"children":1505},{"link":69},[1506],{"type":36,"value":72},{"type":30,"tag":94,"props":1508,"children":1509},{},[1510,1512],{"type":36,"value":1511},"OWASP, “Cloud-Native Application Security Top 10” - ",{"type":30,"tag":234,"props":1513,"children":1514},{},[1515],{"type":30,"tag":67,"props":1516,"children":1518},{"link":1517},"https:\u002F\u002Fwiki.owasp.org\u002Findex.php\u002FOWASP_Cloud-Native_Application_Security_Top_10",[1519],{"type":36,"value":1520},"OWASP",{"type":30,"tag":1522,"props":1523,"children":1524},"style",{},[1525],{"type":36,"value":1526},"html .default .shiki span {color: var(--shiki-default);background: var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: var(--shiki-default-font-weight);text-decoration: var(--shiki-default-text-decoration);}html .shiki span {color: var(--shiki-default);background: var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: var(--shiki-default-font-weight);text-decoration: var(--shiki-default-text-decoration);}html .dark .shiki span {color: var(--shiki-dark);background: var(--shiki-dark-bg);font-style: var(--shiki-dark-font-style);font-weight: var(--shiki-dark-font-weight);text-decoration: var(--shiki-dark-text-decoration);}html.dark .shiki span {color: var(--shiki-dark);background: var(--shiki-dark-bg);font-style: var(--shiki-dark-font-style);font-weight: var(--shiki-dark-font-weight);text-decoration: 
var(--shiki-dark-text-decoration);}",{"title":7,"searchDepth":265,"depth":265,"links":1528},[1529,1530,1531,1532,1533,1534,1535,1536,1537],{"id":33,"depth":247,"text":37},{"id":153,"depth":247,"text":156},{"id":310,"depth":247,"text":313},{"id":551,"depth":247,"text":554},{"id":798,"depth":247,"text":801},{"id":1121,"depth":247,"text":1124},{"id":1309,"depth":247,"text":1312},{"id":1334,"depth":247,"text":1337},{"id":1437,"depth":247,"text":1440},"markdown","content:posts:2026:aws-sts-ve-gecici-kimlik-bilgileri.md","content","posts\u002F2026\u002Faws-sts-ve-gecici-kimlik-bilgileri.md","posts\u002F2026\u002Faws-sts-ve-gecici-kimlik-bilgileri","md","\u002Fposts",[1546,1550],{"_path":1547,"title":1548,"date":1549},"\u002F2026\u002Faws-iam-least-privilege-rehberi","IAM’de En Az Ayrıcalık: Neden Bu Kadar Önemli ve Nasıl Uygulanır?","2026-04-25T20:07:00.000Z",{"_path":1551,"title":1552,"date":1553},"\u002F2026\u002Faws-s3-yanlis-yapilandirmalari-ve-savunma","AWS S3 Yanlış Yapılandırmaları: Veri Sızıntılarına Giden Gizli Kapılar ve Savunma Stratejileri","2026-04-28T13:30:00.000Z",1780419439834]