# AWS CLI configuration
# `aws configure` stores long-term keys in plain text under ~/.aws/credentials.
# Prefer short-lived credentials for an assessment and delete the profile when
# the engagement ends.
aws configure
aws configure list
# Prints the access key ID of the active profile to the terminal; keep it out of
# shared logs and screenshots.
aws configure get aws_access_key_id
# Profile management
# A dedicated profile keeps engagement credentials separate from production or
# personal ones.
aws configure --profile pentest
aws configure list-profiles
# Every later `aws` call in this shell uses the `pentest` profile.
export AWS_PROFILE=pentest
# Authentication: confirm which principal the current credentials belong to.
# get-caller-identity needs no IAM permission but is still recorded by
# CloudTrail, so defenders can use unexpected calls as a signal that a key is
# being tested.
aws sts get-caller-identity
aws sts get-session-token
# 123456789012 is a placeholder account ID; the session name is visible in the
# assumed-role ARN in CloudTrail, so pick one that identifies the engagement.
aws sts assume-role --role-arn arn:aws:iam::123456789012:role/PentestRole --role-session-name PentestSession
# Temporary credentials
# 3600 seconds = one hour; short lifetimes limit the damage if the session
# credentials leak.
aws sts get-session-token --duration-seconds 3600
aws sts assume-role --role-arn arn:aws:iam::123456789012:role/RoleName --role-session-name PentestSession
# Cross-account access
# TARGET_ACCOUNT and EXTERNAL_ID are placeholders. The external ID only protects
# against the confused-deputy problem if the role's trust policy enforces it
# with an sts:ExternalId condition.
aws sts assume-role --role-arn arn:aws:iam::TARGET_ACCOUNT:role/RoleName --external-id EXTERNAL_ID --role-session-name XAccount
# Federated access (SAML)
# assertion.xml holds the SAML response from the identity provider; treat it as
# a bearer credential and delete it after use.
aws sts assume-role-with-saml \
--role-arn arn:aws:iam::123456789012:role/RoleName \
--principal-arn arn:aws:iam::123456789012:saml-provider/ProviderName \
--saml-assertion file://assertion.xml
# Account information
aws sts get-caller-identity
# The Organizations calls only succeed from the management account or a
# delegated administrator account.
aws organizations list-accounts
aws organizations describe-account --account-id 123456789012
# Billing (example)
# NOTE: the End date is exclusive, so this period stops at 2024-01-30; use
# End=2024-02-01 to cover all of January. Cost Explorer API requests are billed
# per call.
aws ce get-cost-and-usage \
--time-period Start=2024-01-01,End=2024-01-31 \
--granularity MONTHLY \
--metrics BlendedCost
# Region list
aws ec2 describe-regions --output table
aws ec2 describe-regions --query 'Regions[].RegionName' --output text
# Availability Zones
aws ec2 describe-availability-zones --region us-east-1
# Cross-service discovery of tagged resources
# Results are per region and only include resources that carry (or once
# carried) tags; untagged resources are missing, so this is not a full
# inventory.
aws resourcegroupstaggingapi get-resources --region us-east-1
aws resourcegroupstaggingapi get-resources --resource-type-filters ec2:instance
# Resources with a specific tag
aws resourcegroupstaggingapi get-resources --tag-filters Key=Environment,Values=Production
# User list
# USERNAME, ROLENAME and POLICYNAME below are placeholders.
aws iam list-users --output table
aws iam list-users --query 'Users[].UserName' --output text
# User details
# list-user-policies returns inline policy names; list-attached-user-policies
# returns attached managed policies. Both are needed for a complete picture.
aws iam get-user --user-name USERNAME
aws iam list-user-policies --user-name USERNAME
aws iam list-attached-user-policies --user-name USERNAME
# User groups
aws iam list-groups-for-user --user-name USERNAME
aws iam list-groups --output table
# User ARN
aws iam get-user --user-name USERNAME --query 'User.Arn' --output text
# Role list
aws iam list-roles --output table
aws iam list-roles --query 'Roles[].RoleName' --output text
# Role details and policies
# The role's trust policy is the AssumeRolePolicyDocument field of the get-role
# output; review it for overly broad principals.
aws iam get-role --role-name ROLENAME
aws iam list-role-policies --role-name ROLENAME
aws iam list-attached-role-policies --role-name ROLENAME
# Inline permissions policy of a role (needs the inline policy name).
# NOTE: despite the original heading, this does not return the trust policy.
aws iam get-role-policy --role-name ROLENAME --policy-name POLICYNAME
# Policy list
# --scope Local = customer managed policies, --scope AWS = AWS managed policies.
aws iam list-policies --scope Local --output table
aws iam list-policies --scope AWS --output table
# Policy details and version
# v1 is not necessarily the version in force; read DefaultVersionId from the
# get-policy output and request that version.
aws iam get-policy --policy-arn arn:aws:iam::123456789012:policy/POLICYNAME
aws iam get-policy-version --policy-arn arn:aws:iam::123456789012:policy/POLICYNAME --version-id v1
# Inline policy (user)
aws iam get-user-policy --user-name USERNAME --policy-name POLICYNAME
# Access key list
# AKIAIOSFODNN7EXAMPLE is the AWS documentation placeholder key ID. Old or
# never-used keys found here are candidates for rotation or removal.
aws iam list-access-keys --user-name USERNAME
aws iam get-access-key-last-used --access-key-id AKIAIOSFODNN7EXAMPLE
# Service-specific credentials
aws iam list-service-specific-credentials --user-name USERNAME
# Direct and indirect permissions (summary)
aws iam list-user-policies --user-name USERNAME --output table
aws iam list-attached-user-policies --user-name USERNAME --output table
aws iam list-groups-for-user --user-name USERNAME --output table
# Fetch group policies: for every group the user belongs to, list the group's
# inline and attached managed policies (permissions inherited through groups).
for g in $(aws iam list-groups-for-user --user-name USERNAME --query 'Groups[].GroupName' --output text); do \
aws iam list-group-policies --group-name "$g"; \
aws iam list-attached-group-policies --group-name "$g"; \
done
# Effective permissions simulation (example)
# Read-only: the simulator evaluates policies without performing the action.
# NOTE(review): the resource ARN ends in an unquoted `*`; quote it so the shell
# cannot glob-expand it.
aws iam simulate-principal-policy \
--policy-source-arn arn:aws:iam::123456789012:user/USERNAME \
--action-names s3:GetObject \
--resource-arns arn:aws:s3:::bucket-name/*
# Bucket list
# bucket-name is a placeholder throughout this section.
aws s3 ls
aws s3 ls s3://bucket-name/
aws s3api list-buckets --query 'Buckets[].Name' --output text
# Bucket details
# Versioning and default encryption are the two settings that decide whether an
# overwrite is recoverable and whether data is protected at rest.
aws s3api get-bucket-location --bucket bucket-name
aws s3api get-bucket-versioning --bucket bucket-name
aws s3api get-bucket-encryption --bucket bucket-name
# Object listing
aws s3 ls s3://bucket-name/ --recursive
aws s3 ls s3://bucket-name/ --recursive --human-readable --summarize
# Download / synchronise
# sync copies the whole bucket to local disk; confirm that handling this data is
# in scope and store it as carefully as the source.
aws s3 cp s3://bucket-name/file.txt ./
aws s3 sync s3://bucket-name/ ./local-folder/
# Upload (mind your authorization!)
# Uploading overwrites objects with the same key; on a bucket without
# versioning the previous content is lost.
aws s3 cp file.txt s3://bucket-name/
aws s3 sync ./local-folder/ s3://bucket-name/
# Public access / permissions
# Also check the Block Public Access settings (get-public-access-block), which
# can override what the policy and ACL appear to grant.
aws s3api get-bucket-policy --bucket bucket-name
aws s3api get-bucket-acl --bucket bucket-name
aws s3api get-bucket-ownership-controls --bucket bucket-name
# Pretty-print the policy (jq must be installed)
aws s3api get-bucket-policy --bucket bucket-name --query 'Policy' --output text | jq '.'
# CORS
aws s3api get-bucket-cors --bucket bucket-name
# Write test (example)
# The uploaded object is world-readable (public-read); use a harmless marker
# file and delete it afterwards. The request is rejected when ACLs are disabled
# on the bucket (BucketOwnerEnforced).
aws s3 cp test.txt s3://bucket-name/ --acl public-read
# Bucket policy change (caution!)
# put-bucket-policy replaces the entire existing policy; save the current one
# first so it can be restored.
aws s3api put-bucket-policy --bucket bucket-name --policy file://policy.json
# Ownership controls
# NOTE(review): Rules mixes shorthand and JSON syntax; confirm it parses on the
# CLI version in use.
aws s3api put-bucket-ownership-controls \
--bucket bucket-name \
--ownership-controls Rules='[{"ObjectOwnership":"BucketOwnerPreferred"}]'
# Instance list
# Instance and security-group IDs below are placeholders; results cover only
# the configured region.
aws ec2 describe-instances --output table
aws ec2 describe-instances --query 'Reservations[].Instances[].InstanceId' --output text
# Instance details
# userData is returned base64-encoded and often contains bootstrap secrets;
# report any credentials found there and recommend a secrets store instead.
aws ec2 describe-instances --instance-ids i-1234567890abcdef0
aws ec2 describe-instance-attribute --instance-id i-1234567890abcdef0 --attribute userData
# Security group list
aws ec2 describe-security-groups --output table
aws ec2 describe-security-groups --group-ids sg-1234567890abcdef0
# Security group rules
aws ec2 describe-security-group-rules --filters Name=group-id,Values=sg-1234567890abcdef0
# Start / Stop / Terminate (lab or explicitly authorized environments only!)
# These change availability; terminate-instances is irreversible.
aws ec2 start-instances --instance-ids i-1234567890abcdef0
aws ec2 stop-instances --instance-ids i-1234567890abcdef0
aws ec2 terminate-instances --instance-ids i-1234567890abcdef0
# User data update (caution!)
# User data is executed by the instance, so this is a code change on the host.
# Defenders should alert on ModifyInstanceAttribute events that touch userData.
aws ec2 modify-instance-attribute --instance-id i-1234567890abcdef0 --user-data file://script.sh
# Key pair list
# Only metadata and fingerprints are returned, never private key material.
aws ec2 describe-key-pairs --output table
# Key pair details
aws ec2 describe-key-pairs --key-names key-name
# Function list
# function-name and role-name are placeholders.
aws lambda list-functions --output table
aws lambda list-functions --query 'Functions[].FunctionName' --output text
# Function details
# The output includes environment variables in clear text and a link to the
# deployment package, so lambda:GetFunction should be granted narrowly and
# secrets kept out of environment variables.
aws lambda get-function --function-name function-name
aws lambda get-function-configuration --function-name function-name
# Invoke
# Runs the function with its real side effects; the result is written to
# response.json.
# NOTE(review): AWS CLI v2 expects a base64 payload unless
# --cli-binary-format raw-in-base64-out is set; confirm for your CLI version.
aws lambda invoke --function-name function-name --payload file://payload.json response.json
# Code update
# Replaces the deployed code; keep a copy of the original package so it can be
# restored.
aws lambda update-function-code --function-name function-name --zip-file fileb://function.zip
# Configuration
# --environment replaces the function's whole variable set, not just KEY.
aws lambda update-function-configuration --function-name function-name --environment Variables='{KEY=VALUE}'
# Function role ARN
# The execution role defines what the function's code is allowed to do.
aws lambda get-function --function-name function-name --query 'Configuration.Role'
# Role policies
aws iam list-role-policies --role-name role-name
aws iam list-attached-role-policies --role-name role-name
# DB list
# db-name is a placeholder; results cover only the configured region.
aws rds describe-db-instances --output table
aws rds describe-db-instances --query 'DBInstances[].DBInstanceIdentifier' --output text
# DB details
aws rds describe-db-instances --db-instance-identifier db-name
# Security groups
aws rds describe-db-instances --db-instance-identifier db-name --query 'DBInstances[].VpcSecurityGroups'
# Network access
# true means the instance has a publicly resolvable endpoint; actual
# reachability still depends on its security groups.
aws rds describe-db-instances --db-instance-identifier db-name --query 'DBInstances[].PubliclyAccessible'
# Encryption
# false means storage is not encrypted at rest, which is worth reporting.
aws rds describe-db-instances --db-instance-identifier db-name --query 'DBInstances[].StorageEncrypted'
# REST API list
# The `apigateway` commands cover REST APIs only; HTTP and WebSocket APIs are
# listed through the separate `apigatewayv2` commands.
aws apigateway get-rest-apis --output table
aws apigateway get-rest-apis --query 'items[].name' --output text
# API details
# api-id is a placeholder.
aws apigateway get-rest-api --rest-api-id api-id
aws apigateway get-resources --rest-api-id api-id
# VPC list
aws ec2 describe-vpcs --output table
aws ec2 describe-vpcs --query 'Vpcs[].VpcId' --output text
# Subnet list
aws ec2 describe-subnets --output table
aws ec2 describe-subnets --query 'Subnets[].SubnetId' --output text
# Trail list
# Having no trail, or only a single-region trail, is a logging gap to report.
aws cloudtrail list-trails --output table
aws cloudtrail describe-trails --trail-name-list trail-name
# Event history
# lookup-events searches only the last 90 days of management events in the
# current region. The 2024 dates are examples and fall outside that window
# today; data events are not included.
aws cloudtrail lookup-events --lookup-attributes AttributeKey=EventName,AttributeValue=CreateUser
aws cloudtrail lookup-events --start-time 2024-01-01 --end-time 2024-01-31
# Log groups
aws logs describe-log-groups --output table
aws logs describe-log-streams --log-group-name /aws/lambda/function-name
# Log events (timestamp in milliseconds)
# 1640995200000 is 2022-01-01T00:00:00Z.
aws logs filter-log-events --log-group-name /aws/lambda/function-name --start-time 1640995200000
# Finding list
# detector-id and finding-id are placeholders; GuardDuty detectors are
# per region.
aws guardduty list-findings --detector-id detector-id
aws guardduty get-findings --detector-id detector-id --finding-ids finding-id
# Findings that originate from GuardDuty
aws securityhub get-findings --filters '{"ProductName":[{"Value":"GuardDuty","Comparison":"EQUALS"}]}'
# Discovered resources
# Returns data only where the AWS Config recorder is enabled.
aws configservice list-discovered-resources --resource-type AWS::EC2::Instance
# The commands in this section modify IAM and resource policies. Run them only
# in a lab or under written authorization, record every object created and
# remove it when the engagement ends.
# For defenders: each call is a CloudTrail management event (AttachUserPolicy,
# CreatePolicy, PutBucketPolicy, Lambda UpdateFunctionCode,
# ModifyInstanceAttribute, CreateUser, CreateAccessKey, CreateRole,
# AttachRolePolicy). Alert on them, and use SCPs and permission boundaries to
# limit who can make them.
# Attaching a policy (dangerous)
aws iam attach-user-policy --user-name username --policy-arn arn:aws:iam::aws:policy/AdministratorAccess
# Assuming a role
aws sts assume-role --role-arn arn:aws:iam::123456789012:role/RoleName --role-session-name PentestSession
# Creating a malicious policy (lab)
aws iam create-policy --policy-name MaliciousPolicy --policy-document file://malicious-policy.json
# Resource-based escalation examples (lab)
# S3 bucket policy
aws s3api put-bucket-policy --bucket bucket-name --policy file://malicious-policy.json
# Lambda function update
aws lambda update-function-code --function-name function-name --zip-file fileb://malicious-function.zip
# EC2 user data
aws ec2 modify-instance-attribute --instance-id instance-id --user-data file://malicious-script.sh
# IAM backdoor (lab only)
# New users, new access keys and new roles with AdministratorAccess are
# high-signal events; a periodic IAM review should account for every one.
aws iam create-user --user-name backdoor-user
aws iam create-access-key --user-name backdoor-user
aws iam create-role --role-name backdoor-role --assume-role-policy-document file://trust-policy.json
aws iam attach-role-policy --role-name backdoor-role --policy-arn arn:aws:iam::aws:policy/AdministratorAccess
# Cross-account role assumption
# NOTE: assume-role requires --role-session-name, which this line omits, so the
# CLI rejects it as written.
aws sts assume-role --role-arn arn:aws:iam::TARGET_ACCOUNT:role/RoleName --external-id EXTERNAL_ID
# Cross-region access examples
# Most services are regional: a resource missing from one region's output may
# exist in another, so inventory and monitoring must cover every enabled region.
aws ec2 describe-instances --region us-west-2
# NOTE(review): the bucket listing is account-wide, so --region presumably does
# not filter the result here; confirm.
aws s3 ls --region eu-west-1
# Quick read-only check of what the current credentials can see
aws sts get-caller-identity
aws iam list-users
aws s3 ls
aws ec2 describe-instances
aws lambda list-functions
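# Output format options (append to any command).
# The AWS CLI has no CSV output format; supported values are json, text, table
# and, on AWS CLI v2, yaml / yaml-stream. For CSV, post-process the JSON output
# (for example with jq).
--output table # table
--output json # JSON
--output text # plain, tab-separated text
--output yaml # YAML (AWS CLI v2)
# Simple JMESPath query
--query 'Users[].UserName'
# Filtering (the backticks delimit a JMESPath literal, so keep the expression in
# single quotes to stop the shell from running it as a command substitution)
--query 'Users[?UserName==`admin`]'
# Multiple fields
--query 'Users[].[UserName,CreateDate]'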
Son güncelleme: 21 Ağustos 2025