Skip to content

Backup Synology NAS to Wasabi

This document will assume you know the basics of using Wasabi and Synology, and will not go in to details on either, but will provide a rough overview

Wasabi setup

You will need to have already created:

  • Bucket
  • User
  • Keys

For the policy you should use the below

Bucket name

Replace ${bucket} with the name of your bucket

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "CloudSyncBucketPermissions",
      "Effect": "Allow",
      "Action": [
        "s3:ListBucket",
        "s3:GetBucketLocation"
      ],
      "Resource": "arn:aws:s3:::${bucket}"
    },
    {
      "Sid": "CloudSyncObjectPermissions",
      "Effect": "Allow",
      "Action": [
        "s3:GetObject",
        "s3:PutObject",
        "s3:DeleteObject",
        "s3:AbortMultipartUpload",
        "s3:ListMultipartUploadParts"
      ],
      "Resource": "arn:aws:s3:::${bucket}/*"
    }
  ]
}
Explain the policy to me
    {
      "Sid": "CloudSyncBucketPermissions",
      "Effect": "Allow",
      "Action": [
        "s3:ListBucket",
        "s3:GetBucketLocation"
      ],
      "Resource": "arn:aws:s3:::${bucket}"
    }

This allows the NAS to list the bucket's objects and get the location of the bucket.

Why this is required, I am not too sure. We've already created the bucket in a region

AWS Docs: GetBucketLocation ⧉

But the API returns something like

<?xml version="1.0" encoding="UTF-8"?>
<LocationConstraint xmlns="http://s3.amazonaws.com/doc/2006-03-01/">us-west-2</LocationConstraint>
{
      "Sid": "CloudSyncObjectPermissions",
      "Effect": "Allow",
      "Action": [
        "s3:GetObject",
        "s3:PutObject",
        "s3:DeleteObject",
        "s3:AbortMultipartUpload",
        "s3:ListMultipartUploadParts"
      ],
      "Resource": "arn:aws:s3:::${bucket}/*"
}

Allows getting an object to recover, pushing objects, deleting them and then streaming multi part uploads

You should then attach this policy to the user

Synology setup

Ensure you've got the Cloud Sync app installed from the Synology package Centre

img.png

Open Cloud sync, click + then scroll down and select S3 Storage

img.png

Click on S3 Server: Amazon S3 and change this to Custom Server URL

img.png

Depending on what region you've made your bucket in, this is different

Not tested with Alias URL's

Wasabi has the concept of Alternative/ Alias URL's for their storage endpoints.

See here ⧉

I have not tested this setup with them, so if you have errors check your URL

Region Service URL
Wasabi US East 1 (N. Virginia) s3.us-east-1.wasabisys.com
Wasabi US East 2 (N. Virginia) s3.us-east-2.wasabisys.com
Wasabi US Central 1 (Texas) s3.us-central-1.wasabisys.com
Wasabi US West 1 (Oregon) s3.us-west-1.wasabisys.com
Wasabi CA Central 1 (Toronto) s3.ca-central-1.wasabisys.com
Wasabi EU Central 1 (Amsterdam) s3.eu-central-1.wasabisys.com
Wasabi EU Central 2 (Frankfurt) s3.eu-central-2.wasabisys.com
Wasabi EU West 1 (United Kingdom) s3.eu-west-1.wasabisys.com
Wasabi EU West 2 (Paris) s3.eu-west-2.wasabisys.com
Wasabi EU West 3 (United Kingdom) s3.eu-west-3.wasabisys.com
Wasabi EU South 1 (Milan) s3.eu-south-1.wasabisys.com
Wasabi AP Northeast 1 (Tokyo) s3.ap-northeast-1.wasabisys.com
Wasabi AP Northeast 2 (Osaka) s3.ap-northeast-2.wasabisys.com
Wasabi AP Southeast 1 (Singapore) s3.ap-southeast-1.wasabisys.com
Wasabi AP Southeast 2 (Sydney) s3.ap-southeast-2.wasabisys.com

If our bucket is in eu-west-1, we are going to use s3.eu-west-1.wasabisys.com

Fill out the name of your bucket, as well as access key ID

img.png

Field name Explainer
S3 server Use AWS defaults or use our own S3 compliant Endpoint
Server address The URL of the S3 endpoint. Do not include https://
Signature version Allows you to authenticate your requests to AWS resources, and Wasabi supports this in the Host: header which is documented here ⧉
Access key Your AWS Access key from Wasabi
Secret key Your AWS Secret key from Wasabi
Bucket name Bucket name

Creating tasks

This is out of scope of this document, Synology have documentation ⧉


Want to make this site better? Open a PR, help fund hosting costs or message me on Matrix