[{"data":1,"prerenderedAt":1671},["ShallowReactive",2],{"\u002F2026\u002Faws-iam-policy-yapisi-nasil-calisir":3,"surround-\u002F2026\u002Faws-iam-policy-yapisi-nasil-calisir":1665},{"_path":4,"_dir":5,"_draft":6,"_partial":6,"_locale":7,"title":8,"description":9,"date":10,"updated":10,"image":11,"categories":12,"tags":14,"draft":6,"readingTime":19,"body":24,"_type":1658,"_id":1659,"_source":1660,"_file":1661,"_stem":1662,"_extension":1663,"_original_dir":1664},"\u002F2026\u002Faws-iam-policy-yapisi-nasil-calisir","2026",false,"","AWS IAM policy yapısı nasıl çalışır?","AWS IAM policy anatomisini, Effect önceliğini, Action ve Resource yazarken yapılan hataları ve Condition ile daraltmayı güncel istatistiklerle keşfedin.","2026-04-23T08:16:00.000Z","https:\u002F\u002Fhackpaper-image-server.netlify.app\u002Fimages\u002Fblogs\u002Faws-iam-policy-yapisi-nasil-calisir\u002F1.jpg",[13],"Cloud",[15,16,17,18],"AWS","Security","IAM","JSON",{"text":20,"minutes":21,"time":22,"words":23},"7 min read",6.47,388200,1294,{"type":25,"children":26,"toc":1643},"root",[27,36,42,47,85,121,179,185,195,291,296,513,585,614,680,711,717,730,764,812,883,892,947,953,976,1011,1055,1132,1166,1172,1189,1247,1302,1308,1326,1380,1436,1479,1485,1492,1504,1510,1536,1542,1571,1577,1597,1603,1637],{"type":28,"tag":29,"props":30,"children":32},"element","h2",{"id":31},"giriş",[33],{"type":34,"value":35},"text","Giriş",{"type":28,"tag":37,"props":38,"children":39},"p",{},[40],{"type":34,"value":41},"AWS konsolunda bir butona tıkladığında arka planda tek bir soru sorulur. Bu kimlik bu işlemi yapabilir mi? Cevabı veren şey IAM policy. JSON gibi duran bu belgeler, bulut güvenliğinin temel kilididir ve yanlış yazıldığında kapı sessizce aralanır ve çoğu ekip bunu fark etmez.",{"type":28,"tag":37,"props":43,"children":44},{},[45],{"type":34,"value":46},"2026 verileri durumu netleştiriyor. Bulut ihlallerinin %45'i doğrudan bulutta gerçekleşiyor ve ortalama maliyet 5,17 milyon dolar. 
Şirketlerin %80'i son bir yılda en az bir bulut ihlali yaşadı. Bu ihlallerin %70'inden fazlası çalınmış kimliklerden kaynaklanıyor ve temel sebep policy hataları olarak raporlandı.",{"type":28,"tag":37,"props":48,"children":49},{},[50,52,59,61,67,69,75,77,83],{"type":34,"value":51},"Bu yazıda policy anatomisini, ",{"type":28,"tag":53,"props":54,"children":56},"code",{"className":55},[],[57],{"type":34,"value":58},"Effect",{"type":34,"value":60}," önceliğini, ",{"type":28,"tag":53,"props":62,"children":64},{"className":63},[],[65],{"type":34,"value":66},"Action",{"type":34,"value":68}," ve ",{"type":28,"tag":53,"props":70,"children":72},{"className":71},[],[73],{"type":34,"value":74},"Resource",{"type":34,"value":76}," yazarken yapılan hataları ve ",{"type":28,"tag":53,"props":78,"children":80},{"className":79},[],[81],{"type":34,"value":82},"Condition",{"type":34,"value":84}," ile daraltmayı göreceksin. Amaç kopyala-yapıştır değil, mantığı anlamak ve aynı hatayı tekrarlamamak. Çünkü güvenlik, izin vermemekle başlar ve bu yaklaşım uzun vadede maliyetleri düşürür, özellikle çok hesaplı yapılarda.",{"type":28,"tag":86,"props":87,"children":90},"alert",{"title":88,"type":89},"TL;DR","info",[91],{"type":28,"tag":37,"props":92,"children":93},{},[94,96,102,104,110,112,119],{"type":34,"value":95},"Bulut ihlallerinin %45'i doğrudan bulutta gerçekleşiyor ve ortalama zarar 5,17 milyon dolar olarak ölçülüyor. IAM'de varsayılan davranış her şeyi yasaklamaktır ve ",{"type":28,"tag":53,"props":97,"children":99},{"className":98},[],[100],{"type":34,"value":101},"Explicit Deny",{"type":34,"value":103}," her zaman ",{"type":28,"tag":53,"props":105,"children":107},{"className":106},[],[108],{"type":34,"value":109},"Explicit Allow",{"type":34,"value":111},"u ezer. 
İhlallerin %31'inden fazlası yanlış yapılandırmadan kaynaklanıyor (",{"type":28,"tag":113,"props":114,"children":116},"badge",{"link":115},"https:\u002F\u002Fwww.sentinelone.com\u002Fcybersecurity-101\u002Fcloud-security\u002Fcloud-security-statistics\u002F",[117],{"type":34,"value":118},"SentinelOne",{"type":34,"value":120},", 2026).",{"type":28,"tag":86,"props":122,"children":125},{"title":123,"type":124},"Key Takeaways","success",[126],{"type":28,"tag":127,"props":128,"children":129},"ul",{},[130,136,162,167],{"type":28,"tag":131,"props":132,"children":133},"li",{},[134],{"type":34,"value":135},"Bulut ihlallerinin %45'i bulutta, maliyet 5,17 milyon dolar",{"type":28,"tag":131,"props":137,"children":138},{},[139,141,146,148,154,156],{"type":34,"value":140},"IAM'de ",{"type":28,"tag":53,"props":142,"children":144},{"className":143},[],[145],{"type":34,"value":101},{"type":34,"value":147},", ",{"type":28,"tag":53,"props":149,"children":151},{"className":150},[],[152],{"type":34,"value":153},"Allow",{"type":34,"value":155},"u ezer, varsayılan ",{"type":28,"tag":53,"props":157,"children":159},{"className":158},[],[160],{"type":34,"value":161},"Implicit Deny",{"type":28,"tag":131,"props":163,"children":164},{},[165],{"type":34,"value":166},"İhlallerin %31'i yanlış yapılandırmadan, wildcard başlıca sebep",{"type":28,"tag":131,"props":168,"children":169},{},[170,172,177],{"type":34,"value":171},"Kimlik ihlalleri %70'in üzerinde, ",{"type":28,"tag":53,"props":173,"children":175},{"className":174},[],[176],{"type":34,"value":82},{"type":34,"value":178}," ve MFA şart",{"type":28,"tag":29,"props":180,"children":182},{"id":181},"iam-policy-nedir-ve-hangi-parçalardan-oluşur",[183],{"type":34,"value":184},"IAM policy nedir ve hangi parçalardan oluşur?",{"type":28,"tag":37,"props":186,"children":187},{},[188,190,194],{"type":34,"value":189},"IAM policy, AWS'de izinleri tanımlayan JSON belgedir ve kimliğe ya da kaynağa eklendiğinde çalışır. 
SentinelOne'ın 2026 raporuna göre şirketlerin %80'i geçen yıl bulut ihlali yaşadı, bu da policy tasarımını teorik bir konu olmaktan çıkarıp günlük operasyon haline getiriyor ve ekipleri zorluyor (",{"type":28,"tag":113,"props":191,"children":192},{"link":115},[193],{"type":34,"value":118},{"type":34,"value":120},{"type":28,"tag":37,"props":196,"children":197},{},[198,200,206,207,213,214,220,221,227,228,234,235,241,242,248,250,256,258,263,265,270,271,276,277,282,284,289],{"type":34,"value":199},"AWS dokümantasyonu yedi policy tipini sayar. Bunlar ",{"type":28,"tag":53,"props":201,"children":203},{"className":202},[],[204],{"type":34,"value":205},"identity-based",{"type":34,"value":147},{"type":28,"tag":53,"props":208,"children":210},{"className":209},[],[211],{"type":34,"value":212},"resource-based",{"type":34,"value":147},{"type":28,"tag":53,"props":215,"children":217},{"className":216},[],[218],{"type":34,"value":219},"permissions boundary",{"type":34,"value":147},{"type":28,"tag":53,"props":222,"children":224},{"className":223},[],[225],{"type":34,"value":226},"SCP",{"type":34,"value":147},{"type":28,"tag":53,"props":229,"children":231},{"className":230},[],[232],{"type":34,"value":233},"RCP",{"type":34,"value":147},{"type":28,"tag":53,"props":236,"children":238},{"className":237},[],[239],{"type":34,"value":240},"ACL",{"type":34,"value":68},{"type":28,"tag":53,"props":243,"children":245},{"className":244},[],[246],{"type":34,"value":247},"session policy",{"type":34,"value":249},"'dir. Pratikte en çok ilk ikisi kullanılır ve her ikisi de JSON tabanlıdır. 
Her policy en az bir ",{"type":28,"tag":53,"props":251,"children":253},{"className":252},[],[254],{"type":34,"value":255},"Statement",{"type":34,"value":257}," içerir ve ",{"type":28,"tag":53,"props":259,"children":261},{"className":260},[],[262],{"type":34,"value":255},{"type":34,"value":264}," içinde ",{"type":28,"tag":53,"props":266,"children":268},{"className":267},[],[269],{"type":34,"value":58},{"type":34,"value":147},{"type":28,"tag":53,"props":272,"children":274},{"className":273},[],[275],{"type":34,"value":66},{"type":34,"value":147},{"type":28,"tag":53,"props":278,"children":280},{"className":279},[],[281],{"type":34,"value":74},{"type":34,"value":283}," ve opsiyonel ",{"type":28,"tag":53,"props":285,"children":287},{"className":286},[],[288],{"type":34,"value":82},{"type":34,"value":290}," bulunur ve bu yapı değişmez.",{"type":28,"tag":37,"props":292,"children":293},{},[294],{"type":34,"value":295},"Temel iskelet her zaman aynıdır ve aşağıdaki örnek en az ayrıcalık prensibini gösterir. Bu yapı, sadece belirli bir S3 bucket'ından okuma izni verir ve başka hiçbir kaynağa dokunmaz. 
Örneği incelemek, parçaların nasıl birleştiğini anlamayı kolaylaştırır ve hataları azaltır.",{"type":28,"tag":297,"props":298,"children":303},"pre",{"className":299,"code":300,"filename":301,"language":302,"meta":7,"style":7},"language-json shiki shiki-themes catppuccin-latte one-dark-pro","{\n  \"Version\": \"2012-10-17\",\n  \"Statement\": [{\n    \"Sid\": \"S3ReadOnly\",\n    \"Effect\": \"Allow\",\n    \"Action\": \"s3:GetObject\",\n    \"Resource\": \"arn:aws:s3:::fatura-bucket\u002F*\"\n  }]\n}\n","S3 ReadOnly Policy","json",[304],{"type":28,"tag":53,"props":305,"children":306},{"__ignoreMap":7},[307,319,356,381,412,441,470,495,504],{"type":28,"tag":308,"props":309,"children":312},"span",{"class":310,"line":311},"line",1,[313],{"type":28,"tag":308,"props":314,"children":316},{"style":315},"--shiki-default:#7C7F93;--shiki-dark:#ABB2BF",[317],{"type":34,"value":318},"{\n",{"type":28,"tag":308,"props":320,"children":322},{"class":310,"line":321},2,[323,329,335,340,345,351],{"type":28,"tag":308,"props":324,"children":326},{"style":325},"--shiki-default:#7C7F93;--shiki-dark:#E06C75",[327],{"type":34,"value":328},"  \"",{"type":28,"tag":308,"props":330,"children":332},{"style":331},"--shiki-default:#1E66F5;--shiki-dark:#E06C75",[333],{"type":34,"value":334},"Version",{"type":28,"tag":308,"props":336,"children":337},{"style":325},[338],{"type":34,"value":339},"\"",{"type":28,"tag":308,"props":341,"children":342},{"style":315},[343],{"type":34,"value":344},":",{"type":28,"tag":308,"props":346,"children":348},{"style":347},"--shiki-default:#40A02B;--shiki-dark:#98C379",[349],{"type":34,"value":350}," 
\"2012-10-17\"",{"type":28,"tag":308,"props":352,"children":353},{"style":315},[354],{"type":34,"value":355},",\n",{"type":28,"tag":308,"props":357,"children":359},{"class":310,"line":358},3,[360,364,368,372,376],{"type":28,"tag":308,"props":361,"children":362},{"style":325},[363],{"type":34,"value":328},{"type":28,"tag":308,"props":365,"children":366},{"style":331},[367],{"type":34,"value":255},{"type":28,"tag":308,"props":369,"children":370},{"style":325},[371],{"type":34,"value":339},{"type":28,"tag":308,"props":373,"children":374},{"style":315},[375],{"type":34,"value":344},{"type":28,"tag":308,"props":377,"children":378},{"style":315},[379],{"type":34,"value":380}," [{\n",{"type":28,"tag":308,"props":382,"children":384},{"class":310,"line":383},4,[385,390,395,399,403,408],{"type":28,"tag":308,"props":386,"children":387},{"style":325},[388],{"type":34,"value":389},"    \"",{"type":28,"tag":308,"props":391,"children":392},{"style":331},[393],{"type":34,"value":394},"Sid",{"type":28,"tag":308,"props":396,"children":397},{"style":325},[398],{"type":34,"value":339},{"type":28,"tag":308,"props":400,"children":401},{"style":315},[402],{"type":34,"value":344},{"type":28,"tag":308,"props":404,"children":405},{"style":347},[406],{"type":34,"value":407}," \"S3ReadOnly\"",{"type":28,"tag":308,"props":409,"children":410},{"style":315},[411],{"type":34,"value":355},{"type":28,"tag":308,"props":413,"children":415},{"class":310,"line":414},5,[416,420,424,428,432,437],{"type":28,"tag":308,"props":417,"children":418},{"style":325},[419],{"type":34,"value":389},{"type":28,"tag":308,"props":421,"children":422},{"style":331},[423],{"type":34,"value":58},{"type":28,"tag":308,"props":425,"children":426},{"style":325},[427],{"type":34,"value":339},{"type":28,"tag":308,"props":429,"children":430},{"style":315},[431],{"type":34,"value":344},{"type":28,"tag":308,"props":433,"children":434},{"style":347},[435],{"type":34,"value":436}," 
\"Allow\"",{"type":28,"tag":308,"props":438,"children":439},{"style":315},[440],{"type":34,"value":355},{"type":28,"tag":308,"props":442,"children":444},{"class":310,"line":443},6,[445,449,453,457,461,466],{"type":28,"tag":308,"props":446,"children":447},{"style":325},[448],{"type":34,"value":389},{"type":28,"tag":308,"props":450,"children":451},{"style":331},[452],{"type":34,"value":66},{"type":28,"tag":308,"props":454,"children":455},{"style":325},[456],{"type":34,"value":339},{"type":28,"tag":308,"props":458,"children":459},{"style":315},[460],{"type":34,"value":344},{"type":28,"tag":308,"props":462,"children":463},{"style":347},[464],{"type":34,"value":465}," \"s3:GetObject\"",{"type":28,"tag":308,"props":467,"children":468},{"style":315},[469],{"type":34,"value":355},{"type":28,"tag":308,"props":471,"children":473},{"class":310,"line":472},7,[474,478,482,486,490],{"type":28,"tag":308,"props":475,"children":476},{"style":325},[477],{"type":34,"value":389},{"type":28,"tag":308,"props":479,"children":480},{"style":331},[481],{"type":34,"value":74},{"type":28,"tag":308,"props":483,"children":484},{"style":325},[485],{"type":34,"value":339},{"type":28,"tag":308,"props":487,"children":488},{"style":315},[489],{"type":34,"value":344},{"type":28,"tag":308,"props":491,"children":492},{"style":347},[493],{"type":34,"value":494}," \"arn:aws:s3:::fatura-bucket\u002F*\"\n",{"type":28,"tag":308,"props":496,"children":498},{"class":310,"line":497},8,[499],{"type":28,"tag":308,"props":500,"children":501},{"style":315},[502],{"type":34,"value":503},"  }]\n",{"type":28,"tag":308,"props":505,"children":507},{"class":310,"line":506},9,[508],{"type":28,"tag":308,"props":509,"children":510},{"style":315},[511],{"type":34,"value":512},"}\n",{"type":28,"tag":37,"props":514,"children":515},{},[516,518,523,525,534,536,541,542,547,549,554,555,562,564,569,570,576,578,583],{"type":34,"value":517},"Bu örnekte 
",{"type":28,"tag":53,"props":519,"children":521},{"className":520},[],[522],{"type":34,"value":334},{"type":34,"value":524}," alanı ",{"type":28,"tag":53,"props":526,"children":531},{"className":527,"id":529,"style":530},[528],"example-info","just-like-this","color: #77BEF0",[532],{"type":34,"value":533},"2012-10-17",{"type":34,"value":535}," olarak kalır ve policy dil sürümünü sabitler. ",{"type":28,"tag":53,"props":537,"children":539},{"className":538},[],[540],{"type":34,"value":58},{"type":34,"value":524},{"type":28,"tag":53,"props":543,"children":545},{"className":544},[],[546],{"type":34,"value":153},{"type":34,"value":548}," değerini alır ve izni açar. ",{"type":28,"tag":53,"props":550,"children":552},{"className":551},[],[553],{"type":34,"value":66},{"type":34,"value":524},{"type":28,"tag":53,"props":556,"children":559},{"className":557,"id":529,"style":558},[528],"color: #4DFFBE",[560],{"type":34,"value":561},"s3:GetObject",{"type":34,"value":563}," ile sadece okuma işlemine izin verir ve yazma yetkisi vermez. ",{"type":28,"tag":53,"props":565,"children":567},{"className":566},[],[568],{"type":34,"value":74},{"type":34,"value":524},{"type":28,"tag":53,"props":571,"children":573},{"className":572,"id":529,"style":530},[528],[574],{"type":34,"value":575},"arn:aws:s3:::fatura-bucket\u002F*",{"type":34,"value":577}," ile hedefi tek bucket ile sınırlar. Hepsi tek ",{"type":28,"tag":53,"props":579,"children":581},{"className":580},[],[582],{"type":34,"value":255},{"type":34,"value":584}," içinde çalışır ve başka kaynağa taşmaz.",{"type":28,"tag":37,"props":586,"children":587},{},[588,590,596,598,604,606,612],{"type":34,"value":589},"Policy türleri üçe ayrılır ve seçim yönetim yükünü belirler. ",{"type":28,"tag":53,"props":591,"children":593},{"className":592},[],[594],{"type":34,"value":595},"AWS Managed",{"type":34,"value":597}," hazır gelir ve AWS tarafından güncellenir, hızlı başlangıç için uygundur. 
",{"type":28,"tag":53,"props":599,"children":601},{"className":600},[],[602],{"type":34,"value":603},"Customer Managed",{"type":34,"value":605}," senin yazdığın, yeniden kullanılabilir ve merkezi kontrol sağlar. ",{"type":28,"tag":53,"props":607,"children":609},{"className":608},[],[610],{"type":34,"value":611},"Inline",{"type":34,"value":613}," ise doğrudan kullanıcıya gömülür, tekil kalır ve kimlik silindiğinde kaybolur, bu yüzden dikkatli kullanılmalıdır.",{"type":28,"tag":297,"props":615,"children":619},{"className":616,"code":617,"language":618,"meta":7,"style":7},"language-mermaid shiki shiki-themes catppuccin-latte one-dark-pro","graph TD\n    A[Policy] --> B[Version]\n    A --> C[Statement]\n    C --> D1[Effect]\n    C --> D2[Action]\n    C --> D3[Resource]\n    C --> D4[Condition]\n","mermaid",[620],{"type":28,"tag":53,"props":621,"children":622},{"__ignoreMap":7},[623,632,640,648,656,664,672],{"type":28,"tag":308,"props":624,"children":625},{"class":310,"line":311},[626],{"type":28,"tag":308,"props":627,"children":629},{"style":628},"--shiki-default:#4C4F69;--shiki-dark:#ABB2BF",[630],{"type":34,"value":631},"graph TD\n",{"type":28,"tag":308,"props":633,"children":634},{"class":310,"line":321},[635],{"type":28,"tag":308,"props":636,"children":637},{"style":628},[638],{"type":34,"value":639},"    A[Policy] --> B[Version]\n",{"type":28,"tag":308,"props":641,"children":642},{"class":310,"line":358},[643],{"type":28,"tag":308,"props":644,"children":645},{"style":628},[646],{"type":34,"value":647},"    A --> C[Statement]\n",{"type":28,"tag":308,"props":649,"children":650},{"class":310,"line":383},[651],{"type":28,"tag":308,"props":652,"children":653},{"style":628},[654],{"type":34,"value":655},"    C --> D1[Effect]\n",{"type":28,"tag":308,"props":657,"children":658},{"class":310,"line":414},[659],{"type":28,"tag":308,"props":660,"children":661},{"style":628},[662],{"type":34,"value":663},"    C --> 
D2[Action]\n",{"type":28,"tag":308,"props":665,"children":666},{"class":310,"line":443},[667],{"type":28,"tag":308,"props":668,"children":669},{"style":628},[670],{"type":34,"value":671},"    C --> D3[Resource]\n",{"type":28,"tag":308,"props":673,"children":674},{"class":310,"line":472},[675],{"type":28,"tag":308,"props":676,"children":677},{"style":628},[678],{"type":34,"value":679},"    C --> D4[Condition]\n",{"type":28,"tag":681,"props":682,"children":684},"quote",{"icon":683},"ph:info-duotone",[685],{"type":28,"tag":37,"props":686,"children":687},{},[688,690,695,696,701,703,709],{"type":34,"value":689},"IAM policy'ler istek anında AWS tarafından değerlendirilir ve karar verilir. İzinler hem kimliğe hem kaynağa yazılabilir ve her ikisi de toplanır. Çakışma durumunda en kısıtlayıcı kural kazanır ve ",{"type":28,"tag":53,"props":691,"children":693},{"className":692},[],[694],{"type":34,"value":101},{"type":34,"value":103},{"type":28,"tag":53,"props":697,"children":699},{"className":698},[],[700],{"type":34,"value":109},{"type":34,"value":702},"u ezer. Bu mantık, güvenliğin temelidir. (",{"type":28,"tag":113,"props":704,"children":706},{"link":705},"https:\u002F\u002Fdocs.aws.amazon.com\u002FIAM\u002Flatest\u002FUserGuide\u002Freference_policies_evaluation-logic.html",[707],{"type":34,"value":708},"AWS IAM Documentation",{"type":34,"value":710},", 2025)",{"type":28,"tag":29,"props":712,"children":714},{"id":713},"effect-önceliği-neden-allow-ve-deny-karışıklığı-yaratır",[715],{"type":34,"value":716},"Effect önceliği neden Allow ve Deny karışıklığı yaratır?",{"type":28,"tag":37,"props":718,"children":719},{},[720,722,728],{"type":34,"value":721},"Unit42 araştırmasına göre AWS root hesaplarında MFA kapalı olma oranı %42'ye yükseldi ve bu oran son iki yılda artış gösterdi. 
Bu durum, policy hatalarının etkisini büyütüyor çünkü root hesabı kimlik tabanlı IAM policy'leriyle kısıtlanamaz (AWS Organizations üye hesaplarında SCP'ler yine de geçerlidir) ve denetimsiz kalır (",{"type":28,"tag":113,"props":723,"children":725},{"link":724},"https:\u002F\u002Funit42.paloaltonetworks.com\u002Fiam-misconfigurations\u002F",[726],{"type":34,"value":727},"Unit42",{"type":34,"value":729},", 2021).",{"type":28,"tag":37,"props":731,"children":732},{},[733,735,740,742,747,749,755,757,762],{"type":34,"value":734},"AWS değerlendirme sırası değişmez ve dört adımdan oluşur. İlk adım ",{"type":28,"tag":53,"props":736,"children":738},{"className":737},[],[739],{"type":34,"value":161},{"type":34,"value":741},"dir ve her şey yasaktır. İkinci adımda tüm ilgili policy'ler toplanır ve birleştirilir. Üçüncü adımda ",{"type":28,"tag":53,"props":743,"children":745},{"className":744},[],[746],{"type":34,"value":101},{"type":34,"value":748}," var mı diye bakılır, varsa işlem durur. Dördüncü adımda ",{"type":28,"tag":53,"props":750,"children":752},{"className":751},[],[753],{"type":34,"value":754},"Deny",{"type":34,"value":756}," yoksa ",{"type":28,"tag":53,"props":758,"children":760},{"className":759},[],[761],{"type":34,"value":109},{"type":34,"value":763}," aranır ve bulunursa izin verilir.",{"type":28,"tag":37,"props":765,"children":766},{},[767,769,774,776,781,783,788,790,796,798,803,805,810],{"type":34,"value":768},"Bu sıra neden önemlidir? Çünkü ekipler genelde ",{"type":28,"tag":53,"props":770,"children":772},{"className":771},[],[773],{"type":34,"value":153},{"type":34,"value":775}," yazmaya odaklanır ve ",{"type":28,"tag":53,"props":777,"children":779},{"className":778},[],[780],{"type":34,"value":754},{"type":34,"value":782},"i unutur. Oysa hassas kaynaklarda ",{"type":28,"tag":53,"props":784,"children":786},{"className":785},[],[787],{"type":34,"value":754},{"type":34,"value":789},", güvenlik ağıdır ve hataları telafi eder. 
Örneğin üretim veritabanına ",{"type":28,"tag":53,"props":791,"children":793},{"className":792},[],[794],{"type":34,"value":795},"Delete",{"type":34,"value":797}," izni veren bir ",{"type":28,"tag":53,"props":799,"children":801},{"className":800},[],[802],{"type":34,"value":153},{"type":34,"value":804}," varsa, aynı kaynağa ",{"type":28,"tag":53,"props":806,"children":808},{"className":807},[],[809],{"type":34,"value":754},{"type":34,"value":811}," yazarak bunu ezebilir ve riski sıfırlayabilirsin.",{"type":28,"tag":297,"props":813,"children":815},{"className":616,"code":814,"language":618,"meta":7,"style":7},"flowchart TD\n    Start[API İsteği] --> A[Implicit Deny]\n    A --> B[Tüm Policy'leri Topla]\n    B --> C{Explicit Deny var mı}\n    C -- Evet --> D[RED]\n    C -- Hayır --> E{Explicit Allow var mı}\n    E -- Evet --> F[İZİN VER]\n    E -- Hayır --> G[RED]\n",[816],{"type":28,"tag":53,"props":817,"children":818},{"__ignoreMap":7},[819,827,835,843,851,859,867,875],{"type":28,"tag":308,"props":820,"children":821},{"class":310,"line":311},[822],{"type":28,"tag":308,"props":823,"children":824},{"style":628},[825],{"type":34,"value":826},"flowchart TD\n",{"type":28,"tag":308,"props":828,"children":829},{"class":310,"line":321},[830],{"type":28,"tag":308,"props":831,"children":832},{"style":628},[833],{"type":34,"value":834},"    Start[API İsteği] --> A[Implicit Deny]\n",{"type":28,"tag":308,"props":836,"children":837},{"class":310,"line":358},[838],{"type":28,"tag":308,"props":839,"children":840},{"style":628},[841],{"type":34,"value":842},"    A --> B[Tüm Policy'leri Topla]\n",{"type":28,"tag":308,"props":844,"children":845},{"class":310,"line":383},[846],{"type":28,"tag":308,"props":847,"children":848},{"style":628},[849],{"type":34,"value":850},"    B --> C{Explicit Deny var mı}\n",{"type":28,"tag":308,"props":852,"children":853},{"class":310,"line":414},[854],{"type":28,"tag":308,"props":855,"children":856},{"style":628},[857],{"type":34,"value":858},"    C -- 
Evet --> D[RED]\n",{"type":28,"tag":308,"props":860,"children":861},{"class":310,"line":443},[862],{"type":28,"tag":308,"props":863,"children":864},{"style":628},[865],{"type":34,"value":866},"    C -- Hayır --> E{Explicit Allow var mı}\n",{"type":28,"tag":308,"props":868,"children":869},{"class":310,"line":472},[870],{"type":28,"tag":308,"props":871,"children":872},{"style":628},[873],{"type":34,"value":874},"    E -- Evet --> F[İZİN VER]\n",{"type":28,"tag":308,"props":876,"children":877},{"class":310,"line":497},[878],{"type":28,"tag":308,"props":879,"children":880},{"style":628},[881],{"type":34,"value":882},"    E -- Hayır --> G[RED]\n",{"type":28,"tag":86,"props":884,"children":886},{"title":885,"type":89},"Unique Insight",[887],{"type":28,"tag":37,"props":888,"children":889},{},[890],{"type":34,"value":891},"Çoğu ekip Allow yazmaya odaklanır, Deny'i unutur. Oysa güvenlik, neye izin verdiğin kadar neyi kesin olarak yasakladığındır ve bu yaklaşım denetimlerde fark yaratır.",{"type":28,"tag":681,"props":893,"children":895},{"icon":894},"ph:shield-check-duotone",[896],{"type":28,"tag":37,"props":897,"children":898},{},[899,904,906,912,914,919,921,926,928,933,935,940,942,946],{"type":28,"tag":53,"props":900,"children":902},{"className":901},[],[903],{"type":34,"value":754},{"type":34,"value":905}," önceliği, ",{"type":28,"tag":53,"props":907,"children":909},{"className":908},[],[910],{"type":34,"value":911},"least privilege",{"type":34,"value":913},"'ın teknik karşılığıdır ve tasarımın merkezindedir. ",{"type":28,"tag":53,"props":915,"children":917},{"className":916},[],[918],{"type":34,"value":153},{"type":34,"value":920}," ne kadar geniş olursa olsun, tek bir iyi yazılmış ",{"type":28,"tag":53,"props":922,"children":924},{"className":923},[],[925],{"type":34,"value":754},{"type":34,"value":927}," yeterlidir ve tüm izinleri iptal eder. 
Bu yüzden güvenlik ekipleri ",{"type":28,"tag":53,"props":929,"children":931},{"className":930},[],[932],{"type":34,"value":153},{"type":34,"value":934}," yerine ",{"type":28,"tag":53,"props":936,"children":938},{"className":937},[],[939],{"type":34,"value":754},{"type":34,"value":941}," ile başlar ve kritik kaynakları korur. (",{"type":28,"tag":113,"props":943,"children":944},{"link":705},[945],{"type":34,"value":708},{"type":34,"value":710},{"type":28,"tag":29,"props":948,"children":950},{"id":949},"action-ve-resource-yazarken-en-sık-yapılan-hatalar-neler",[951],{"type":34,"value":952},"Action ve Resource yazarken en sık yapılan hatalar neler?",{"type":28,"tag":37,"props":954,"children":955},{},[956,958,963,964,969,971,975],{"type":34,"value":957},"SentinelOne'a göre bulut ihlallerinin %31'inden fazlası yanlış yapılandırma ve manuel hatalardan kaynaklanıyor ve bu oran her yıl artıyor. Bu hataların başında ",{"type":28,"tag":53,"props":959,"children":961},{"className":960},[],[962],{"type":34,"value":66},{"type":34,"value":68},{"type":28,"tag":53,"props":965,"children":967},{"className":966},[],[968],{"type":34,"value":74},{"type":34,"value":970}," alanlarında wildcard kullanımı geliyor ve ekipler bunu kolaylık sanıyor (",{"type":28,"tag":113,"props":972,"children":973},{"link":115},[974],{"type":34,"value":118},{"type":34,"value":120},{"type":28,"tag":37,"props":977,"children":978},{},[979,981,986,988,993,995,1001,1003,1009],{"type":34,"value":980},"Unit42 ise ",{"type":28,"tag":53,"props":982,"children":984},{"className":983},[],[985],{"type":34,"value":15},{"type":34,"value":987}," erişim anahtarlarının %83'ünün 90 günden uzun süredir döndürülmediğini buldu. Bu bulgu, geniş izinler ile eski anahtarların birleştiğinde saldırgan için açık kapı oluşturduğunu gösteriyor ve riski katlıyor. 
",{"type":28,"tag":53,"props":989,"children":991},{"className":990},[],[992],{"type":34,"value":66},{"type":34,"value":994}," alanı, işlemin hangi servise ait olduğunu ve o servisteki hangi API fonksiyonunun çağrılacağını belirtir. Yazım formatı her zaman ",{"type":28,"tag":53,"props":996,"children":998},{"className":997,"id":529,"style":558},[528],[999],{"type":34,"value":1000},"servis:ApiCall",{"type":34,"value":1002}," şeklindedir (Örn: ",{"type":28,"tag":53,"props":1004,"children":1006},{"className":1005,"id":529,"style":558},[528],[1007],{"type":34,"value":1008},"s3:PutObject",{"type":34,"value":1010},"). AWS'de binlerce farklı işlem bulunur ve bu standart yapı sayesinde her biri üzerinde hassas kontrol sağlanır.",{"type":28,"tag":37,"props":1012,"children":1013},{},[1014,1016,1022,1023,1029,1031,1037,1039,1045,1047,1053],{"type":34,"value":1015},"En riskli yazım ",{"type":28,"tag":53,"props":1017,"children":1019},{"className":1018,"id":529,"style":558},[528],[1020],{"type":34,"value":1021},"\"Action\": \"*\"",{"type":34,"value":68},{"type":28,"tag":53,"props":1024,"children":1026},{"className":1025,"id":529,"style":558},[528],[1027],{"type":34,"value":1028},"\"Resource\": \"*\"",{"type":34,"value":1030}," kombinasyonudur ve bu ",{"type":28,"tag":53,"props":1032,"children":1034},{"className":1033,"id":529,"style":558},[528],[1035],{"type":34,"value":1036},"AdministratorAccess",{"type":34,"value":1038}," etkisidir. İkinci risk ",{"type":28,"tag":53,"props":1040,"children":1042},{"className":1041,"id":529,"style":558},[528],[1043],{"type":34,"value":1044},"s3:*",{"type":34,"value":1046}," gibi servis genelidir ve bucket silme dahil her şeyi açar. Üçüncü risk ",{"type":28,"tag":53,"props":1048,"children":1050},{"className":1049,"id":529,"style":558},[528],[1051],{"type":34,"value":1052},"iam:*",{"type":34,"value":1054}," vermektir ve kullanıcı yaratma yetkisi içerir. 
Doğru yaklaşım en az ayrıcalıktır ve her zaman spesifik yazmaktır.",{"type":28,"tag":37,"props":1056,"children":1057},{},[1058,1064,1066,1071,1073,1078,1079,1085,1087,1092,1094,1100,1102,1107,1109,1114,1116,1122,1124,1130],{"type":28,"tag":53,"props":1059,"children":1061},{"className":1060},[],[1062],{"type":34,"value":1063},"S3",{"type":34,"value":1065},"'ten sadece okuma gerekiyorsa ",{"type":28,"tag":53,"props":1067,"children":1069},{"className":1068},[],[1070],{"type":34,"value":66},{"type":34,"value":1072}," alanına ",{"type":28,"tag":53,"props":1074,"children":1076},{"className":1075,"id":529,"style":558},[528],[1077],{"type":34,"value":561},{"type":34,"value":68},{"type":28,"tag":53,"props":1080,"children":1082},{"className":1081,"id":529,"style":558},[528],[1083],{"type":34,"value":1084},"s3:ListBucket",{"type":34,"value":1086}," yazılmalı ve ",{"type":28,"tag":53,"props":1088,"children":1090},{"className":1089},[],[1091],{"type":34,"value":74},{"type":34,"value":1093}," alanına hem bucket ",{"type":28,"tag":53,"props":1095,"children":1097},{"className":1096},[],[1098],{"type":34,"value":1099},"ARN",{"type":34,"value":1101},"'i hem de obje ",{"type":28,"tag":53,"props":1103,"children":1105},{"className":1104},[],[1106],{"type":34,"value":1099},{"type":34,"value":1108},"'i eklenmelidir. ",{"type":28,"tag":53,"props":1110,"children":1112},{"className":1111},[],[1113],{"type":34,"value":1099},{"type":34,"value":1115}," yapısı ",{"type":28,"tag":53,"props":1117,"children":1119},{"className":1118,"id":529,"style":530},[528],[1120],{"type":34,"value":1121},"arn:partition:service:region:account-id:resource",{"type":34,"value":1123}," şeklindedir ve global servislerde ",{"type":28,"tag":53,"props":1125,"children":1127},{"className":1126},[],[1128],{"type":34,"value":1129},"region",{"type":34,"value":1131}," boş bırakılır. 
Bu detaylar, izni daraltır.",{"type":28,"tag":681,"props":1133,"children":1135},{"icon":1134},"ph:warning-duotone",[1136],{"type":28,"tag":37,"props":1137,"children":1138},{},[1139,1141,1146,1147,1152,1154,1158,1160,1164],{"type":34,"value":1140},"Wildcard kullanımı kolaylık sağlar ama denetimde ve saldırıda patlar. ",{"type":28,"tag":53,"props":1142,"children":1144},{"className":1143},[],[1145],{"type":34,"value":66},{"type":34,"value":68},{"type":28,"tag":53,"props":1148,"children":1150},{"className":1149},[],[1151],{"type":34,"value":74},{"type":34,"value":1153},"u daraltmak, ihlal maliyetini doğrudan düşürür, çünkü saldırgan geniş izin bulduğunda yatay hareket eder ve yayılır. Bu yüzden her policy review'de wildcard aranmalıdır. (",{"type":28,"tag":113,"props":1155,"children":1156},{"link":115},[1157],{"type":34,"value":118},{"type":34,"value":1159},", 2026 | ",{"type":28,"tag":113,"props":1161,"children":1162},{"link":724},[1163],{"type":34,"value":727},{"type":34,"value":1165},", 2021)",{"type":28,"tag":29,"props":1167,"children":1169},{"id":1168},"condition-ve-principal-ne-zaman-kullanılmalı",[1170],{"type":34,"value":1171},"Condition ve Principal ne zaman kullanılmalı?",{"type":28,"tag":37,"props":1173,"children":1174},{},[1175,1177,1182,1184,1188],{"type":34,"value":1176},"Kimlik ihlalleri bulut ihlallerinin %70'inden fazlasını oluşturuyor ve bu oran kimlik yönetimini merkeze koyuyor. 
Bu tablo, ",{"type":28,"tag":53,"props":1178,"children":1180},{"className":1179},[],[1181],{"type":34,"value":82},{"type":34,"value":1183}," kullanmadan yazılan her policy'nin eksik olduğunu gösteriyor ve ekiplerin bunu atlamaması gerekiyor (",{"type":28,"tag":113,"props":1185,"children":1186},{"link":115},[1187],{"type":34,"value":118},{"type":34,"value":120},{"type":28,"tag":37,"props":1190,"children":1191},{},[1192,1194,1199,1200,1206,1208,1213,1215,1221,1223,1229,1231,1237,1239,1245],{"type":34,"value":1193},"Trend Micro analizine göre bulut güvenlik sorunlarının %65-70'i yanlış yapılandırmadan geliyor ve bu sorunların çoğu ",{"type":28,"tag":53,"props":1195,"children":1197},{"className":1196},[],[1198],{"type":34,"value":82},{"type":34,"value":68},{"type":28,"tag":53,"props":1201,"children":1203},{"className":1202},[],[1204],{"type":34,"value":1205},"Principal",{"type":34,"value":1207}," eksikliğinden kaynaklanıyor. ",{"type":28,"tag":53,"props":1209,"children":1211},{"className":1210},[],[1212],{"type":34,"value":82},{"type":34,"value":1214},", isteğin bağlamına bakar ve ",{"type":28,"tag":53,"props":1216,"children":1218},{"className":1217,"id":529,"style":530},[528],[1219],{"type":34,"value":1220},"IP",{"type":34,"value":1222}," adresi, ",{"type":28,"tag":53,"props":1224,"children":1226},{"className":1225,"id":529,"style":530},[528],[1227],{"type":34,"value":1228},"MFA",{"type":34,"value":1230}," durumu, kaynak ",{"type":28,"tag":53,"props":1232,"children":1234},{"className":1233,"id":529,"style":530},[528],[1235],{"type":34,"value":1236},"tag",{"type":34,"value":1238},"'i veya ",{"type":28,"tag":53,"props":1240,"children":1242},{"className":1241,"id":529,"style":530},[528],[1243],{"type":34,"value":1244},"VPC ID",{"type":34,"value":1246}," gibi değerlerle filtreler. 
Bu filtreler, çalınmış anahtarın etkisini azaltır.",{"type":28,"tag":37,"props":1248,"children":1249},{},[1250,1255,1257,1262,1264,1269,1271,1277,1279,1284,1286,1292,1294,1300],{"type":28,"tag":53,"props":1251,"children":1253},{"className":1252},[],[1254],{"type":34,"value":1205},{"type":34,"value":1256}," alanı ise sadece ",{"type":28,"tag":53,"props":1258,"children":1260},{"className":1259},[],[1261],{"type":34,"value":212},{"type":34,"value":1263}," policy'lerde zorunludur ve kime izin verdiğini belirtir. ",{"type":28,"tag":53,"props":1265,"children":1267},{"className":1266},[],[1268],{"type":34,"value":1063},{"type":34,"value":1270}," bucket policy veya ",{"type":28,"tag":53,"props":1272,"children":1274},{"className":1273},[],[1275],{"type":34,"value":1276},"KMS",{"type":34,"value":1278}," key policy yazarken spesifik rol ",{"type":28,"tag":53,"props":1280,"children":1282},{"className":1281},[],[1283],{"type":34,"value":1099},{"type":34,"value":1285},"'i verilmelidir. ",{"type":28,"tag":53,"props":1287,"children":1289},{"className":1288},[],[1290],{"type":34,"value":1291},"\"Principal\": \"*\"",{"type":34,"value":1293}," yazmak herkese açmak demektir ve genelde hatadır. 
Doğrusu ",{"type":28,"tag":53,"props":1295,"children":1297},{"className":1296,"id":529,"style":530},[528],[1298],{"type":34,"value":1299},"aws:PrincipalOrgID",{"type":34,"value":1301}," ile organizasyon sınırlamasıdır.",{"type":28,"tag":29,"props":1303,"children":1305},{"id":1304},"notaction-notresource-notprincipal-neden-tehlikelidir",[1306],{"type":34,"value":1307},"NotAction, NotResource, NotPrincipal neden tehlikelidir?",{"type":28,"tag":37,"props":1309,"children":1310},{},[1311,1313,1319,1321,1325],{"type":34,"value":1312},"Bulut güvenlik hatalarının %95'i insan hatasından kaynaklanan yanlış yapılandırmalardır ve bu hataların en sinsi olanları ",{"type":28,"tag":53,"props":1314,"children":1316},{"className":1315},[],[1317],{"type":34,"value":1318},"Not",{"type":34,"value":1320}," operatörleridir çünkü ters mantıkla çalışırlar ve gözden kaçarlar (",{"type":28,"tag":113,"props":1322,"children":1323},{"link":115},[1324],{"type":34,"value":118},{"type":34,"value":120},{"type":28,"tag":37,"props":1327,"children":1328},{},[1329,1335,1337,1343,1345,1351,1353,1358,1359,1364,1365,1371,1373,1378],{"type":28,"tag":53,"props":1330,"children":1332},{"className":1331},[],[1333],{"type":34,"value":1334},"NotAction",{"type":34,"value":1336},", belirttiğin işlem hariç her şeye izin verir ve ekipler bunu genelde yanlış anlar. 
",{"type":28,"tag":53,"props":1338,"children":1340},{"className":1339},[],[1341],{"type":34,"value":1342},"\"NotAction\": \"ec2:*\"",{"type":34,"value":1344}," yazdığında ",{"type":28,"tag":53,"props":1346,"children":1348},{"className":1347},[],[1349],{"type":34,"value":1350},"EC2",{"type":34,"value":1352}," hariç ",{"type":28,"tag":53,"props":1354,"children":1356},{"className":1355},[],[1357],{"type":34,"value":17},{"type":34,"value":147},{"type":28,"tag":53,"props":1360,"children":1362},{"className":1361},[],[1363],{"type":34,"value":1063},{"type":34,"value":147},{"type":28,"tag":53,"props":1366,"children":1368},{"className":1367},[],[1369],{"type":34,"value":1370},"RDS",{"type":34,"value":1372}," dahil her şeyi açarsın. Çoğu kişi ",{"type":28,"tag":53,"props":1374,"children":1376},{"className":1375},[],[1377],{"type":34,"value":1350},{"type":34,"value":1379},"'yi yasakladığını sanır, oysa geri kalanı serbest bırakır ve fark etmez.",{"type":28,"tag":37,"props":1381,"children":1382},{},[1383,1389,1391,1397,1399,1404,1406,1412,1413,1419,1421,1427,1429,1434],{"type":28,"tag":53,"props":1384,"children":1386},{"className":1385},[],[1387],{"type":34,"value":1388},"NotResource",{"type":34,"value":1390}," benzer şekilde çalışır ve belirttiğin kaynak hariç her yere izin verir. 
En tehlikelisi ",{"type":28,"tag":53,"props":1392,"children":1394},{"className":1393},[],[1395],{"type":34,"value":1396},"NotPrincipal",{"type":34,"value":1398}," ile ",{"type":28,"tag":53,"props":1400,"children":1402},{"className":1401},[],[1403],{"type":34,"value":153},{"type":34,"value":1405}," kombinasyonudur ve ",{"type":28,"tag":53,"props":1407,"children":1409},{"className":1408},[],[1410],{"type":34,"value":1411},"\"Effect\": \"Allow\"",{"type":34,"value":147},{"type":28,"tag":53,"props":1414,"children":1416},{"className":1415,"id":529,"style":530},[528],[1417],{"type":34,"value":1418},"\"NotPrincipal\": {\"AWS\": \"arn:aws:iam::123456789012:user\u002FAli\"}",{"type":34,"value":1420}," yazarsan, ",{"type":28,"tag":53,"props":1422,"children":1424},{"className":1423},[],[1425],{"type":34,"value":1426},"Ali",{"type":34,"value":1428}," hariç tüm ",{"type":28,"tag":53,"props":1430,"children":1432},{"className":1431},[],[1433],{"type":34,"value":15},{"type":34,"value":1435}," hesaplarına izin vermiş olursun; buna kimliği doğrulanmamış (anonim) istekler de dahil olabilir. Bu, internete açık policy demektir.",{"type":28,"tag":86,"props":1437,"children":1439},{"title":885,"type":1438},"warning",[1440],{"type":28,"tag":37,"props":1441,"children":1442},{},[1443,1448,1450,1456,1458,1463,1465,1470,1472,1477],{"type":28,"tag":53,"props":1444,"children":1446},{"className":1445},[],[1447],{"type":34,"value":1318},{"type":34,"value":1449}," operatörleri, güvenlik yerine kolaylık için yazılır ve kısa görünür ama denetimde patlar. 
",{"type":28,"tag":53,"props":1451,"children":1453},{"className":1452},[],[1454],{"type":34,"value":1455},"Least privilege",{"type":34,"value":1457}," ile çelişir ve bu yüzden ",{"type":28,"tag":53,"props":1459,"children":1461},{"className":1460},[],[1462],{"type":34,"value":15},{"type":34,"value":1464}," best practice dokümanları ",{"type":28,"tag":53,"props":1466,"children":1468},{"className":1467},[],[1469],{"type":34,"value":1318},{"type":34,"value":1471}," kullanımını sadece ",{"type":28,"tag":53,"props":1473,"children":1475},{"className":1474},[],[1476],{"type":34,"value":754},{"type":34,"value":1478}," ile ve çok dar senaryolarda önerir.",{"type":28,"tag":29,"props":1480,"children":1482},{"id":1481},"sıkça-sorulan-sorular",[1483],{"type":34,"value":1484},"Sıkça Sorulan Sorular",{"type":28,"tag":1486,"props":1487,"children":1489},"h3",{"id":1488},"iam-policyde-varsayılan-davranış-nedir",[1490],{"type":34,"value":1491},"IAM policy'de varsayılan davranış nedir?",{"type":28,"tag":37,"props":1493,"children":1494},{},[1495,1497,1502],{"type":34,"value":1496},"Varsayılan davranış ",{"type":28,"tag":53,"props":1498,"children":1500},{"className":1499},[],[1501],{"type":34,"value":161},{"type":34,"value":1503},"dir ve hiçbir policy yoksa erişim reddedilir. SentinelOne 2026'da şirketlerin %80'inin ihlal yaşadığını raporladı ve bu oran, varsayılanı güvenli tutmanın neden önemli olduğunu gösteriyor. Çünkü varsayılan açık olsaydı, her yeni kaynak otomatik olarak risk oluştururdu ve denetim imkansız hale gelirdi.",{"type":28,"tag":1486,"props":1505,"children":1507},{"id":1506},"explicit-deny-ne-zaman-kullanılmalı",[1508],{"type":34,"value":1509},"Explicit Deny ne zaman kullanılmalı?",{"type":28,"tag":37,"props":1511,"children":1512},{},[1513,1515,1520,1522,1527,1529,1534],{"type":34,"value":1514},"Hassas kaynaklarda her zaman kullanılmalıdır ve güvenlik stratejisinin parçası olmalıdır. 
Örneğin üretim veritabanına silme iznini engellemek için ",{"type":28,"tag":53,"props":1516,"children":1518},{"className":1517},[],[1519],{"type":34,"value":754},{"type":34,"value":1521}," yazılır. Unit42'ye göre root MFA kapalı oranı %42 ve bu boşlukta ",{"type":28,"tag":53,"props":1523,"children":1525},{"className":1524},[],[1526],{"type":34,"value":754},{"type":34,"value":1528}," son savunma hattıdır, ",{"type":28,"tag":53,"props":1530,"children":1532},{"className":1531},[],[1533],{"type":34,"value":153},{"type":34,"value":1535},"u ezer ve hataları telafi eder.",{"type":28,"tag":1486,"props":1537,"children":1539},{"id":1538},"actionda-wildcard-kullanmak-güvenli-mi",[1540],{"type":34,"value":1541},"Action'da wildcard kullanmak güvenli mi?",{"type":28,"tag":37,"props":1543,"children":1544},{},[1545,1547,1553,1555,1561,1563,1569],{"type":34,"value":1546},"Hayır, güvenli değildir ve çoğu ihlalin sebebidir. ",{"type":28,"tag":53,"props":1548,"children":1550},{"className":1549,"id":529,"style":558},[528],[1551],{"type":34,"value":1552},"\"s3:*\"",{"type":34,"value":1554}," yazmak, ",{"type":28,"tag":53,"props":1556,"children":1558},{"className":1557,"id":529,"style":558},[528],[1559],{"type":34,"value":1560},"GetObject",{"type":34,"value":1562}," dahil 100'den fazla izni açar ve ",{"type":28,"tag":53,"props":1564,"children":1566},{"className":1565},[],[1567],{"type":34,"value":1568},"DeleteBucket",{"type":34,"value":1570}," gibi yıkıcı işlemleri de içerir. İhlallerin %31'i yanlış yapılandırmadan geliyor ve wildcard bunun başlıca sebebidir, bu yüzden her zaman spesifik yazılmalıdır.",{"type":28,"tag":1486,"props":1572,"children":1574},{"id":1573},"resource-ne-zaman-kabul-edilebilir",[1575],{"type":34,"value":1576},"Resource \"*\" ne zaman kabul edilebilir?",{"type":28,"tag":37,"props":1578,"children":1579},{},[1580,1582,1588,1590,1595],{"type":34,"value":1581},"Neredeyse hiç kabul edilmez ve sadece istisnai durumlarda kullanılır. 
Sadece ",{"type":28,"tag":53,"props":1583,"children":1585},{"className":1584,"id":529,"style":558},[528],[1586],{"type":34,"value":1587},"iam:ListUsers",{"type":34,"value":1589}," gibi hesap seviyesi salt-okunur işlemlerde kullanılabilir. Veri içeren servislerde her zaman spesifik ",{"type":28,"tag":53,"props":1591,"children":1593},{"className":1592},[],[1594],{"type":34,"value":1099},{"type":34,"value":1596}," yazılmalı ve wildcard'dan kaçınılmalıdır, aksi halde veri sızıntısı riski artar.",{"type":28,"tag":1486,"props":1598,"children":1600},{"id":1599},"condition-ile-mfa-zorunlu-kılınabilir-mi",[1601],{"type":34,"value":1602},"Condition ile MFA zorunlu kılınabilir mi?",{"type":28,"tag":37,"props":1604,"children":1605},{},[1606,1608,1613,1615,1621,1623,1628,1630,1635],{"type":34,"value":1607},"Evet, ",{"type":28,"tag":53,"props":1609,"children":1611},{"className":1610},[],[1612],{"type":34,"value":82},{"type":34,"value":1614}," ile zorunlu kılınabilir ve bu en iyi uygulamalardan biridir. ",{"type":28,"tag":53,"props":1616,"children":1618},{"className":1617,"id":529,"style":530},[528],[1619],{"type":34,"value":1620},"\"Bool\": {\"aws:MultiFactorAuthPresent\": \"true\"}",{"type":34,"value":1622}," koşulu eklenir. 
Kimlik ihlalleri bulut ihlallerinin %70'inden fazlasını oluşturuyor, ",{"type":28,"tag":53,"props":1624,"children":1626},{"className":1625,"id":529,"style":530},[528],[1627],{"type":34,"value":1228},{"type":34,"value":1629}," bu riski doğrudan keser ve ",{"type":28,"tag":53,"props":1631,"children":1633},{"className":1632},[],[1634],{"type":34,"value":82},{"type":34,"value":1636}," olmadan policy eksik kalır ve denetimden geçemez.",{"type":28,"tag":1638,"props":1639,"children":1640},"style",{},[1641],{"type":34,"value":1642},"html .default .shiki span {color: var(--shiki-default);background: var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: var(--shiki-default-font-weight);text-decoration: var(--shiki-default-text-decoration);}html .shiki span {color: var(--shiki-default);background: var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: var(--shiki-default-font-weight);text-decoration: var(--shiki-default-text-decoration);}html .dark .shiki span {color: var(--shiki-dark);background: var(--shiki-dark-bg);font-style: var(--shiki-dark-font-style);font-weight: var(--shiki-dark-font-weight);text-decoration: var(--shiki-dark-text-decoration);}html.dark .shiki span {color: var(--shiki-dark);background: var(--shiki-dark-bg);font-style: var(--shiki-dark-font-style);font-weight: var(--shiki-dark-font-weight);text-decoration: 
var(--shiki-dark-text-decoration);}",{"title":7,"searchDepth":383,"depth":383,"links":1644},[1645,1646,1647,1648,1649,1650,1651],{"id":31,"depth":321,"text":35},{"id":181,"depth":321,"text":184},{"id":713,"depth":321,"text":716},{"id":949,"depth":321,"text":952},{"id":1168,"depth":321,"text":1171},{"id":1304,"depth":321,"text":1307},{"id":1481,"depth":321,"text":1484,"children":1652},[1653,1654,1655,1656,1657],{"id":1488,"depth":358,"text":1491},{"id":1506,"depth":358,"text":1509},{"id":1538,"depth":358,"text":1541},{"id":1573,"depth":358,"text":1576},{"id":1599,"depth":358,"text":1602},"markdown","content:posts:2026:aws-iam-policy-yapisi-nasil-calisir.md","content","posts\u002F2026\u002Faws-iam-policy-yapisi-nasil-calisir.md","posts\u002F2026\u002Faws-iam-policy-yapisi-nasil-calisir","md","\u002Fposts",[1666,1670],{"_path":1667,"title":1668,"date":1669},"\u002F2026\u002Faws-iam-principal-nedir-kullanici-rol-ve-herkes-arasindaki-fark","AWS IAM Principal Nedir? Kullanıcı, Rol ve Herkes Arasındaki Fark","2026-04-22T08:00:00.000Z",null,1776934249741]