[{"data":1,"prerenderedAt":630},["ShallowReactive",2],{"\u002F2025\u002Faws-security":3,"surround-\u002F2025\u002Faws-security":621},{"_path":4,"_dir":5,"_draft":6,"_partial":6,"_locale":7,"title":8,"description":9,"date":10,"updated":10,"image":11,"categories":12,"tags":14,"draft":6,"readingTime":17,"body":22,"_type":614,"_id":615,"_source":616,"_file":617,"_stem":618,"_extension":619,"_original_dir":620},"\u002F2025\u002Faws-security","2025",false,"","9 - AWS Security","Bu yazıda, AWS üzerindeki kimlik yönetimi, ağ koruması, şifreleme ve tehdit algılama hizmetlerine dair temel kavramları ve hizmetleri inceleyeceğiz.","2025-11-26T11:24:28.000Z","https:\u002F\u002Fhackpaper-image-server.pages.dev\u002Fimages\u002Fblogs\u002Faws-security\u002F2.jpg",[13],"Cloud",[15,16],"AWS","CLF-C02",{"text":18,"minutes":19,"time":20,"words":21},"3 min read",2.7,162000,540,{"type":23,"children":24,"toc":593},"root",[25,31,39,45,52,102,108,151,157,197,201,207,212,218,241,247,280,286,330,333,339,344,350,374,380,413,419,452,455,461,466,579],{"type":26,"tag":27,"props":28,"children":30},"element","pic",{"src":29},"https:\u002F\u002Fhackpaper-image-server.pages.dev\u002Fimages\u002Fblogs\u002Faws-security\u002F1.jpg",[],{"type":26,"tag":32,"props":33,"children":35},"h2",{"id":34},"_1-kimlik-ve-erişim-yönetimi-identity-and-access-management",[36],{"type":37,"value":38},"text","1. 
Kimlik ve Erişim Yönetimi (Identity and Access Management)",{"type":26,"tag":40,"props":41,"children":42},"p",{},[43],{"type":37,"value":44},"AWS IAM, kimlikleri ve AWS kaynaklarına erişimi güvenli bir şekilde yönetmek için kullanılan temel hizmettir.",{"type":26,"tag":46,"props":47,"children":49},"h3",{"id":48},"güvenlik-prensipleri",[50],{"type":37,"value":51},"Güvenlik Prensipleri",{"type":26,"tag":53,"props":54,"children":55},"ul",{},[56,75,85],{"type":26,"tag":57,"props":58,"children":59},"li",{},[60,66,68,73],{"type":26,"tag":61,"props":62,"children":63},"strong",{},[64],{"type":37,"value":65},"Varsayılan Erişim:",{"type":37,"value":67}," Varsayılan olarak ",{"type":26,"tag":61,"props":69,"children":70},{},[71],{"type":37,"value":72},"tüm eylemler reddedilir (Deny)",{"type":37,"value":74},".",{"type":26,"tag":57,"props":76,"children":77},{},[78,83],{"type":26,"tag":61,"props":79,"children":80},{},[81],{"type":37,"value":82},"Açık İzin:",{"type":37,"value":84}," Kullanıcılar yalnızca açıkça izin verilen (Allow) işlemleri yapabilir; bir politikadaki açık Deny ifadesi ise her zaman Allow'dan önceliklidir.",{"type":26,"tag":57,"props":86,"children":87},{},[88,93,95,100],{"type":26,"tag":61,"props":89,"children":90},{},[91],{"type":37,"value":92},"En Az Ayrıcalık (Least Privilege):",{"type":37,"value":94}," Kullanıcılar veya sistemler, yalnızca görevlerini yerine getirmek için ihtiyaç duydukları ",{"type":26,"tag":61,"props":96,"children":97},{},[98],{"type":37,"value":99},"minimum erişime",{"type":37,"value":101}," sahip olmalıdır.",{"type":26,"tag":46,"props":103,"children":105},{"id":104},"temel-iam-bileşenleri",[106],{"type":37,"value":107},"Temel IAM Bileşenleri",{"type":26,"tag":53,"props":109,"children":110},{},[111,121,131,141],{"type":26,"tag":57,"props":112,"children":113},{},[114,119],{"type":26,"tag":61,"props":115,"children":116},{},[117],{"type":37,"value":118},"Kullanıcılar (Users):",{"type":37,"value":120}," Bireysel 
kimliklerdir.",{"type":26,"tag":57,"props":122,"children":123},{},[124,129],{"type":26,"tag":61,"props":125,"children":126},{},[127],{"type":37,"value":128},"Gruplar (Groups):",{"type":37,"value":130}," Kullanıcıları toplu olarak yönetmek ve izin atamak için kullanılır.",{"type":26,"tag":57,"props":132,"children":133},{},[134,139],{"type":26,"tag":61,"props":135,"children":136},{},[137],{"type":37,"value":138},"Roller (Roles):",{"type":37,"value":140}," Özellikle uygulamalar ve AWS hizmetleri için geçici yetki\u002Ferişim sağlamak amacıyla kullanılır.",{"type":26,"tag":57,"props":142,"children":143},{},[144,149],{"type":26,"tag":61,"props":145,"children":146},{},[147],{"type":37,"value":148},"Politikalar (Policies):",{"type":37,"value":150}," İzinleri tanımlayan JSON formatındaki dokümanlardır.",{"type":26,"tag":46,"props":152,"children":154},{"id":153},"ek-kimlik-ve-yönetim-hizmetleri",[155],{"type":37,"value":156},"Ek Kimlik ve Yönetim Hizmetleri",{"type":26,"tag":53,"props":158,"children":159},{},[160,177,187],{"type":26,"tag":57,"props":161,"children":162},{},[163,168,170,175],{"type":26,"tag":61,"props":164,"children":165},{},[166],{"type":37,"value":167},"AWS IAM Identity Center:",{"type":37,"value":169}," Merkezi kimlik yönetimi sağlar ve mevcut kimlik kaynaklarına bağlanarak ",{"type":26,"tag":61,"props":171,"children":172},{},[173],{"type":37,"value":174},"Tek Oturum Açma (SSO)",{"type":37,"value":176}," imkanı sunar.",{"type":26,"tag":57,"props":178,"children":179},{},[180,185],{"type":26,"tag":61,"props":181,"children":182},{},[183],{"type":37,"value":184},"AWS Secrets Manager:",{"type":37,"value":186}," Veritabanı parolaları ve API anahtarları gibi hassas verileri yaşam döngüleri boyunca güvenli bir şekilde saklar ve yönetir.",{"type":26,"tag":57,"props":188,"children":189},{},[190,195],{"type":26,"tag":61,"props":191,"children":192},{},[193],{"type":37,"value":194},"AWS Systems Manager:",{"type":37,"value":196}," Çoklu bulut ve hibrit ortamlarda sistem 
yönetimini merkezileştirir ve güvenlik otomasyonu sağlar.",{"type":26,"tag":198,"props":199,"children":200},"hr",{},[],{"type":26,"tag":32,"props":202,"children":204},{"id":203},"_2-ağ-ve-uygulama-koruması",[205],{"type":37,"value":206},"2. Ağ ve Uygulama Koruması",{"type":26,"tag":40,"props":208,"children":209},{},[210],{"type":37,"value":211},"Ağ güvenliği, hem altyapı seviyesinde hem de uygulama katmanında saldırıları önlemeyi hedefler.",{"type":26,"tag":46,"props":213,"children":215},{"id":214},"saldırı-türleri",[216],{"type":37,"value":217},"Saldırı Türleri",{"type":26,"tag":53,"props":219,"children":220},{},[221,231],{"type":26,"tag":57,"props":222,"children":223},{},[224,229],{"type":26,"tag":61,"props":225,"children":226},{},[227],{"type":37,"value":228},"DoS (Denial of Service):",{"type":37,"value":230}," Tek bir kaynaktan gelen aşırı trafikle web uygulamasını çökertme girişimi.",{"type":26,"tag":57,"props":232,"children":233},{},[234,239],{"type":26,"tag":61,"props":235,"children":236},{},[237],{"type":37,"value":238},"DDoS (Distributed Denial of Service):",{"type":37,"value":240}," Binlerce zombi botun (dağıtılmış kaynaklar) trafiği çoğaltarak sisteme saldırması.",{"type":26,"tag":46,"props":242,"children":244},{"id":243},"aws-altyapı-koruması",[245],{"type":37,"value":246},"AWS Altyapı Koruması",{"type":26,"tag":53,"props":248,"children":249},{},[250,260,270],{"type":26,"tag":57,"props":251,"children":252},{},[253,258],{"type":26,"tag":61,"props":254,"children":255},{},[256],{"type":37,"value":257},"Güvenlik Grupları (Security Groups):",{"type":37,"value":259}," Sanal güvenlik duvarı gibi davranarak yalnızca izin verilen trafiğin geçişine olanak tanır.",{"type":26,"tag":57,"props":261,"children":262},{},[263,268],{"type":26,"tag":61,"props":264,"children":265},{},[266],{"type":37,"value":267},"Elastik Yük Dengeleme (ELB):",{"type":37,"value":269}," Gelen trafiği birden fazla hedefe dağıtarak sunucuların aşırı yüklenmesini 
engeller.",{"type":26,"tag":57,"props":271,"children":272},{},[273,278],{"type":26,"tag":61,"props":274,"children":275},{},[276],{"type":37,"value":277},"AWS Bölgeleri:",{"type":37,"value":279}," AWS'nin devasa kapasiteli altyapısı, büyük ölçekli saldırıları absorbe etme yeteneği sağlar.",{"type":26,"tag":46,"props":281,"children":283},{"id":282},"özel-koruma-hizmetleri",[284],{"type":37,"value":285},"Özel Koruma Hizmetleri",{"type":26,"tag":53,"props":287,"children":288},{},[289,320],{"type":26,"tag":57,"props":290,"children":291},{},[292,297],{"type":26,"tag":61,"props":293,"children":294},{},[295],{"type":37,"value":296},"AWS Shield:",{"type":26,"tag":53,"props":298,"children":299},{},[300,310],{"type":26,"tag":57,"props":301,"children":302},{},[303,308],{"type":26,"tag":61,"props":304,"children":305},{},[306],{"type":37,"value":307},"Standard:",{"type":37,"value":309}," Ücretsizdir. Yaygın DDoS saldırılarına karşı otomatik koruma sağlar.",{"type":26,"tag":57,"props":311,"children":312},{},[313,318],{"type":26,"tag":61,"props":314,"children":315},{},[316],{"type":37,"value":317},"Advanced:",{"type":37,"value":319}," Ücretlidir. Gelişmiş teşhis, karmaşık saldırı koruması ve maliyet koruması sunar.",{"type":26,"tag":57,"props":321,"children":322},{},[323,328],{"type":26,"tag":61,"props":324,"children":325},{},[326],{"type":37,"value":327},"AWS WAF (Web Application Firewall):",{"type":37,"value":329}," Web uygulamalarını korur. IP bazlı erişim kontrolü sağlar, SQL enjeksiyonu gibi kötü amaçlı istekleri engeller ve Web ACL'leri (Erişim Kontrol Listeleri) kullanır.",{"type":26,"tag":198,"props":331,"children":332},{},[],{"type":26,"tag":32,"props":334,"children":336},{"id":335},"_3-veri-güvenliği-ve-şifreleme-encryption",[337],{"type":37,"value":338},"3. 
Veri Güvenliği ve Şifreleme (Encryption)",{"type":26,"tag":40,"props":340,"children":341},{},[342],{"type":37,"value":343},"Veri güvenliği, verinin hem saklanırken hem de transfer edilirken kilitlenmesi mantığına dayanır.",{"type":26,"tag":46,"props":345,"children":347},{"id":346},"temel-şifreleme-türleri",[348],{"type":37,"value":349},"Temel Şifreleme Türleri",{"type":26,"tag":351,"props":352,"children":353},"ol",{},[354,364],{"type":26,"tag":57,"props":355,"children":356},{},[357,362],{"type":26,"tag":61,"props":358,"children":359},{},[360],{"type":37,"value":361},"Durağan Veri (At Rest):",{"type":37,"value":363}," Disk üzerinde depolanmış veriler (Örn: Veritabanı, Dosya depolama).",{"type":26,"tag":57,"props":365,"children":366},{},[367,372],{"type":26,"tag":61,"props":368,"children":369},{},[370],{"type":37,"value":371},"Hareket Halindeki Veri (In Transit):",{"type":37,"value":373}," Ağ üzerinden transfer edilen veriler (TLS ile şifrelenerek korunur; SSL\u002FTLS sertifikaları bu bağlantıda sunucunun kimliğini doğrular).",{"type":26,"tag":46,"props":375,"children":377},{"id":376},"aws-hizmetlerinde-yerleşik-koruma",[378],{"type":37,"value":379},"AWS Hizmetlerinde Yerleşik Koruma",{"type":26,"tag":53,"props":381,"children":382},{},[383,393,403],{"type":26,"tag":57,"props":384,"children":385},{},[386,391],{"type":26,"tag":61,"props":387,"children":388},{},[389],{"type":37,"value":390},"Amazon S3:",{"type":37,"value":392}," Tüm yeni bucket'lar ve nesneler varsayılan olarak şifrelenir.",{"type":26,"tag":57,"props":394,"children":395},{},[396,401],{"type":26,"tag":61,"props":397,"children":398},{},[399],{"type":37,"value":400},"Amazon EBS:",{"type":37,"value":402}," Boot ve data volume'leri dahil olmak üzere birimler ve anlık görüntüler (snapshots) şifrelenebilir.",{"type":26,"tag":57,"props":404,"children":405},{},[406,411],{"type":26,"tag":61,"props":407,"children":408},{},[409],{"type":37,"value":410},"Amazon DynamoDB:",{"type":37,"value":412}," Tüm tablo verileri AWS KMS anahtarlarıyla sunucu taraflı şifreleme 
kullanır.",{"type":26,"tag":46,"props":414,"children":416},{"id":415},"veri-koruma-ve-anahtar-yönetim-araçları",[417],{"type":37,"value":418},"Veri Koruma ve Anahtar Yönetim Araçları",{"type":26,"tag":53,"props":420,"children":421},{},[422,432,442],{"type":26,"tag":57,"props":423,"children":424},{},[425,430],{"type":26,"tag":61,"props":426,"children":427},{},[428],{"type":37,"value":429},"AWS KMS (Key Management Service):",{"type":37,"value":431}," Şifreleme anahtarlarını oluşturur ve yönetir. IAM ile entegre çalışarak anahtarlara kimin erişebileceğini denetler.",{"type":26,"tag":57,"props":433,"children":434},{},[435,440],{"type":26,"tag":61,"props":436,"children":437},{},[438],{"type":37,"value":439},"Amazon Macie:",{"type":37,"value":441}," Makine öğrenimi kullanarak S3 üzerindeki hassas verileri (PII vb.) otomatik olarak keşfeder, sınıflandırır ve korur.",{"type":26,"tag":57,"props":443,"children":444},{},[445,450],{"type":26,"tag":61,"props":446,"children":447},{},[448],{"type":37,"value":449},"AWS Certificate Manager (ACM):",{"type":37,"value":451}," Hareket halindeki verilerin şifrelenmesi için gerekli olan SSL\u002FTLS sertifikalarının oluşturulmasını ve yönetimini sağlar.",{"type":26,"tag":198,"props":453,"children":454},{},[],{"type":26,"tag":32,"props":456,"children":458},{"id":457},"_4-tespit-i̇zleme-ve-yanıt-hizmetleri",[459],{"type":37,"value":460},"4. 
Tespit, İzleme ve Yanıt Hizmetleri",{"type":26,"tag":40,"props":462,"children":463},{},[464],{"type":37,"value":465},"AWS ortamındaki güvenlik açıklarını bulmak ve tehditlere yanıt vermek için kullanılan araçlardır.",{"type":26,"tag":467,"props":468,"children":469},"table",{},[470,490],{"type":26,"tag":471,"props":472,"children":473},"thead",{},[474],{"type":26,"tag":475,"props":476,"children":477},"tr",{},[478,485],{"type":26,"tag":479,"props":480,"children":482},"th",{"align":481},"left",[483],{"type":37,"value":484},"Hizmet",{"type":26,"tag":479,"props":486,"children":487},{"align":481},[488],{"type":37,"value":489},"Görevi ve Özellikleri",{"type":26,"tag":491,"props":492,"children":493},"tbody",{},[494,516,537,558],{"type":26,"tag":475,"props":495,"children":496},{},[497,506],{"type":26,"tag":498,"props":499,"children":500},"td",{"align":481},[501],{"type":26,"tag":61,"props":502,"children":503},{},[504],{"type":37,"value":505},"Amazon Inspector",{"type":26,"tag":498,"props":507,"children":508},{"align":481},[509,514],{"type":26,"tag":61,"props":510,"children":511},{},[512],{"type":37,"value":513},"Otomatik Güvenlik Değerlendirmesi:",{"type":37,"value":515}," EC2, Konteyner ve Lambda için güvenlik açıklarını ve en iyi uygulamalardan sapmaları tarar. Bulguları önem derecesine göre sıralar.",{"type":26,"tag":475,"props":517,"children":518},{},[519,527],{"type":26,"tag":498,"props":520,"children":521},{"align":481},[522],{"type":26,"tag":61,"props":523,"children":524},{},[525],{"type":37,"value":526},"Amazon GuardDuty",{"type":26,"tag":498,"props":528,"children":529},{"align":481},[530,535],{"type":26,"tag":61,"props":531,"children":532},{},[533],{"type":37,"value":534},"Akıllı Tehdit Tespiti:",{"type":37,"value":536}," Ağ etkinliklerini, hesap meta verilerini ve logları sürekli izler. 
Makine öğrenimi ile anomali ve kötü niyetli IP tespiti yapar.",{"type":26,"tag":475,"props":538,"children":539},{},[540,548],{"type":26,"tag":498,"props":541,"children":542},{"align":481},[543],{"type":26,"tag":61,"props":544,"children":545},{},[546],{"type":37,"value":547},"Amazon Detective",{"type":26,"tag":498,"props":549,"children":550},{"align":481},[551,556],{"type":26,"tag":61,"props":552,"children":553},{},[554],{"type":37,"value":555},"Kök Neden Analizi:",{"type":37,"value":557}," Tespit edilen bir tehdidin kaynağını bulmak için verileri görselleştirir. Kaynak ve kullanıcı etkileşimlerini zaman çizelgesi üzerinde inceler.",{"type":26,"tag":475,"props":559,"children":560},{},[561,569],{"type":26,"tag":498,"props":562,"children":563},{"align":481},[564],{"type":26,"tag":61,"props":565,"children":566},{},[567],{"type":37,"value":568},"AWS Security Hub",{"type":26,"tag":498,"props":570,"children":571},{"align":481},[572,577],{"type":26,"tag":61,"props":573,"children":574},{},[575],{"type":37,"value":576},"Merkezi Güvenlik Panosu:",{"type":37,"value":578}," Tüm güvenlik hizmetlerinden (ve 3. taraf araçlardan) gelen bulguları tek merkezde toplar. \"Insights\" ile önceliklendirme ve otomatik düzeltme imkanı sunar.",{"type":26,"tag":580,"props":581,"children":582},"blockquote",{},[583],{"type":26,"tag":40,"props":584,"children":585},{},[586,591],{"type":26,"tag":61,"props":587,"children":588},{},[589],{"type":37,"value":590},"Not:",{"type":37,"value":592}," Her hizmetin güvenlik yapılandırması farklılık gösterebilir. Daima ilgili hizmetin resmi belgelerini referans alın. 
AWS Marketplace üzerinden, AWS'nin yerel hizmetlerini tamamlayıcı üçüncü parti güvenlik çözümlerine de erişilebilir.",{"title":7,"searchDepth":594,"depth":594,"links":595},4,[596,603,608,613],{"id":34,"depth":597,"text":38,"children":598},2,[599,601,602],{"id":48,"depth":600,"text":51},3,{"id":104,"depth":600,"text":107},{"id":153,"depth":600,"text":156},{"id":203,"depth":597,"text":206,"children":604},[605,606,607],{"id":214,"depth":600,"text":217},{"id":243,"depth":600,"text":246},{"id":282,"depth":600,"text":285},{"id":335,"depth":597,"text":338,"children":609},[610,611,612],{"id":346,"depth":600,"text":349},{"id":376,"depth":600,"text":379},{"id":415,"depth":600,"text":418},{"id":457,"depth":597,"text":460},"markdown","content:posts:2025:aws-security.md","content","posts\u002F2025\u002Faws-security.md","posts\u002F2025\u002Faws-security","md","\u002Fposts",[622,626],{"_path":623,"title":624,"date":625},"\u002F2025\u002Faws-ai-ml-ve-veri-analitigi","8 - AWS AI\u002FML ve Veri Analitiği","2025-11-26T08:40:07.000Z",{"_path":627,"title":628,"date":629},"\u002F2025\u002Faws-bulut-yonetimi-temel-ilkeler-ve-hizmetler","10 - AWS Bulut Yönetimi: Temel İlkeler ve Hizmetler","2025-11-26T12:09:18.000Z",1777022958347]