Synology NAS: Difference between revisions

From SWKLS WIKI
(Created page with "==Synology NAS S3 Access== ===User / Group / Policy Creation=== ====Add User & Group==== * Add user by going to My Security Credentials (close pop-up) -> Users -> Add User. *...")
 
 
(10 intermediate revisions by the same user not shown)
Line 1: Line 1:
==Synology Inital Configuration==
===Basic NAS Setup===
* create shared folder 'backups', no recycle bin if used for staff backups
* create user 'backupuser'
* create 'staff' group
* give 'staff' group rw to 'backups' folder, add 'backupuser' to 'staff' group
* set notifications
* xxxx@mycheckcentral.cc
* mail.checkcentral.cc
* 587
* install 'Cloud Sync' and 'Storage Analyzer' packages
* enable power-on after power failure & WOL
* enable basic SSH
* enable automatic package updates
==Synology NAS S3 Access==
==Synology NAS S3 Access==
===User / Group / Policy Creation===
===User / Group / Policy Creation===
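Review bot: In the new 'Basic NAS Setup' list, 'enable basic SSH' does not say what 'basic' covers; state which accounts may log in and whether the service is meant to be reachable only from the local network, so the step can be repeated the same way on every NAS. The three notification values (the address, mail.checkcentral.cc and 587) sit at the same bullet level as 'set notifications' and would read better as nested '**' items, and the new top heading has a typo ('Inital' for 'Initial').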
Line 11: Line 26:
====Add Policy====
====Add Policy====
* Go to Policies and Create Policy.  
* Go to Policies and Create Policy.  
* In the JSON tab, paste in the following code, modifying the 'Resource' fields (library Verso code + 'libnas') (example: pldlibnas):
* In the JSON tab, paste in the following code, modifying the 'Resource' fields (library Verso code + 'libnas') (example: xyzlibnas):
<syntaxhighlight lang="json">
<syntaxhighlight lang="json">
{
{
Line 28: Line 43:
             "Action": "s3:*",
             "Action": "s3:*",
             "Resource": [
             "Resource": [
                 "arn:aws:s3:::pldilibnas",
                 "arn:aws:s3:::xyzlibnas",
                 "arn:aws:s3:::pldilibnas/*"
                 "arn:aws:s3:::xyzlibnas/*"
             ]
             ]
         }
         }
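Review bot: The unchanged context line "Action": "s3:*" directly above the renamed Resource entries gives the NAS access key every S3 operation on the bucket, including deleting object versions and changing the bucket's own versioning, lifecycle and policy settings. Since this revision already edits the statement, consider replacing the wildcard with the list and object actions Cloud Sync is found to need, and record on the page why any broader action is kept.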
Line 51: Line 66:
* Once created, go into bucket and select the 'Properties' tab.  
* Once created, go into bucket and select the 'Properties' tab.  
* Enable server-side encryption (AES-256).  
* Enable server-side encryption (AES-256).  
* Under the Metrics sub-tab, edit (pencil icon) the name on the left sidebar and enable 'request metrics' and 'data transfer metrics' and click 'Save'.  
* Under the Metrics sub-tab, edit (pencil icon) the name on the left sidebar and enable 'request metrics' and 'data transfer metrics' and click 'Save'.
 
* IMPORTANT!!! Create a Lifecycle rule to delete incomplete multi-part uploads (MPUs) after 3 days.
 
 


===Synology NAS Cloud Sync Setup===
===Synology NAS Cloud Sync Setup===
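Review bot: The added 'IMPORTANT!!!' lifecycle bullet gives neither a reason nor a scope. Say that the rule should cover the whole bucket and that the parts of an unfinished multipart upload stay stored, and billed, until the upload is aborted, so a reader understands why the step must not be skipped.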
Line 76: Line 89:
* Modify the schedule to only sync files during off hours (unless syncing shared files).
* Modify the schedule to only sync files during off hours (unless syncing shared files).


Reference:
<blockquote class="inform">
 
Reference: https://objectivefs.com/howto/how-to-restrict-s3-bucket-policy-to-only-one-aws-s3-bucket
https://objectivefs.com/howto/how-to-restrict-s3-bucket-policy-to-only-one-aws-s3-bucket
</blockquote>


[[Category:AWS_S3]]
[[Category:AWS_S3]]

Latest revision as of 19:50, 8 December 2023

Synology Initial Configuration

Basic NAS Setup

  • create shared folder 'backups', no recycle bin if used for staff backups
  • create user 'backupuser'
  • create 'staff' group
  • give 'staff' group rw to 'backups' folder, add 'backupuser' to 'staff' group
  • set notifications
      • xxxx@mycheckcentral.cc
      • mail.checkcentral.cc
      • 587
  • install 'Cloud Sync' and 'Storage Analyzer' packages
  • enable power-on after power failure & WOL
  • enable basic SSH
  • enable automatic package updates

Synology NAS S3 Access

User / Group / Policy Creation

Add User & Group

  • Add user by going to My Security Credentials (close pop-up) -> Users -> Add User.
  • Username is Library name
  • Access type is programmatic.
  • Next screen add Group (name is verso code).
  • Skip 'Tags'.
  • On the last screen (Success) copy the Access Key ID and Secret Access Key (these will be used later) and put in password DB (under NAS info).

Add Policy

  • Go to Policies and Create Policy.
  • In the JSON tab, paste in the following code, modifying the 'Resource' fields (library Verso code + 'libnas') (example: xyzlibnas):
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:GetBucketLocation",
                "s3:ListAllMyBuckets"
            ],
            "Resource": "arn:aws:s3:::*"
        },
        {
            "Effect": "Allow",
            "Action": "s3:*",
            "Resource": [
                "arn:aws:s3:::xyzlibnas",
                "arn:aws:s3:::xyzlibnas/*"
            ]
        }
    ]
}
  • Under 'Review', name the policy (verso code + 'nas') and click 'Create Policy'.
  • Go to Groups and open the newly created group.
  • Under 'Permissions' tab, click 'Attach Policy'.
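
An added example, not part of the original wiki page: a small Python check that an edited copy of the policy above still reaches only the intended bucket, which catches a mistyped bucket name in the 'Resource' fields before the policy is attached. The function names and the BUCKET placeholder are assumptions of this example.

```python
import json

# The only actions the page's policy grants on every bucket (lower-cased).
ACCOUNT_WIDE_OK = {"s3:getbucketlocation", "s3:listallmybuckets"}

# The policy from this page, with the bucket name replaced by a BUCKET placeholder.
PAGE_POLICY_TEMPLATE = """
{"Version": "2012-10-17", "Statement": [
  {"Effect": "Allow",
   "Action": ["s3:GetBucketLocation", "s3:ListAllMyBuckets"],
   "Resource": "arn:aws:s3:::*"},
  {"Effect": "Allow", "Action": "s3:*",
   "Resource": ["arn:aws:s3:::BUCKET", "arn:aws:s3:::BUCKET/*"]}
]}
"""

def page_policy(resource_bucket):
    """Build the page's policy with `resource_bucket` typed into 'Resource'."""
    return json.loads(PAGE_POLICY_TEMPLATE.replace("BUCKET", resource_bucket))

def _as_set(value):
    """IAM accepts a single string or a list; normalise to a set."""
    return set(value if isinstance(value, list) else [value])

def audit_policy(policy, bucket):
    """Return findings; an empty list means Allow statements only reach `bucket`."""
    allowed = {f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*"}
    statements = policy["Statement"]
    if isinstance(statements, dict):  # a single statement may be given without a list
        statements = [statements]
    findings = []
    for i, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow":
            continue
        if "NotAction" in stmt or "NotResource" in stmt:
            findings.append(f"statement {i}: NotAction/NotResource needs manual review")
            continue
        actions = {a.lower() for a in _as_set(stmt["Action"])}  # names are case-insensitive
        outside = _as_set(stmt["Resource"]) - allowed  # wildcards and typos land here
        if outside and not actions <= ACCOUNT_WIDE_OK:
            findings.append(f"statement {i}: {sorted(actions)} on {sorted(outside)}")
    return findings

if __name__ == "__main__":
    print(audit_policy(page_policy("xyzlibnas"), "xyzlibnas"))   # correctly scoped
    print(audit_policy(page_policy("xyzilibnas"), "xyzlibnas"))  # constructed typo
```
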

S3 Bucket Creation

  • Go to S3 and 'Create Bucket'.
  • Bucket name is verso code + 'libnas'.
  • Region should be US East (N. Virginia).
  • Copy settings from another bucket (Bucklin for staff computer backups, Hamilton Co for shared file backups).
  • Enable 'Keep all versions of an object in the same bucket' on the next screen.
  • Modify tag to verso code.
  • Leave permissions on next screen as 'Block ALL Public Access'.
  • Review and 'Create'.
  • Once created, go into bucket and select the 'Properties' tab.
  • Enable server-side encryption (AES-256).
  • Under the Metrics sub-tab, edit (pencil icon) the name on the left sidebar and enable 'request metrics' and 'data transfer metrics' and click 'Save'.
  • IMPORTANT!!! Create a Lifecycle rule to delete incomplete multi-part uploads (MPUs) after 3 days.
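
An added example, not part of the original wiki page: a Python check of the four bucket settings from the list above (versioning, Block Public Access, AES-256 default encryption, and the incomplete-upload lifecycle rule). It takes dictionaries shaped like the S3 GetBucketVersioning, GetPublicAccessBlock, GetBucketEncryption and GetBucketLifecycleConfiguration responses; the SAMPLE values are constructed, and the function and check names are assumptions of this example.

```python
PAB_FLAGS = ("BlockPublicAcls", "IgnorePublicAcls",
             "BlockPublicPolicy", "RestrictPublicBuckets")

def _whole_bucket(rule):
    """True when a lifecycle rule has no prefix or tag filter narrowing it."""
    return rule.get("Filter") in (None, {}, {"Prefix": ""}) and not rule.get("Prefix")

def audit_bucket(versioning, public_access, encryption, lifecycle, max_mpu_days=3):
    """Return the names of the checks that fail; an empty list means all pass."""
    failed = []
    # 'Keep all versions of an object in the same bucket'
    if versioning.get("Status") != "Enabled":
        failed.append("versioning")
    # 'Block ALL Public Access' means all four flags are true
    pab = public_access.get("PublicAccessBlockConfiguration", {})
    if not all(pab.get(flag) is True for flag in PAB_FLAGS):
        failed.append("block-public-access")
    # Server-side encryption (AES-256) as the bucket default
    sse_rules = encryption.get("ServerSideEncryptionConfiguration", {}).get("Rules", [])
    if not any(r.get("ApplyServerSideEncryptionByDefault", {}).get("SSEAlgorithm") == "AES256"
               for r in sse_rules):
        failed.append("sse-aes256")
    # An enabled, bucket-wide rule aborting incomplete multipart uploads within 3 days
    mpu_ok = any(
        r.get("Status") == "Enabled" and _whole_bucket(r)
        and 0 < r.get("AbortIncompleteMultipartUpload", {}).get("DaysAfterInitiation", 0)
        <= max_mpu_days
        for r in lifecycle.get("Rules", []))
    if not mpu_ok:
        failed.append("abort-incomplete-mpu")
    return failed

# Constructed sample responses for a bucket set up as this page describes.
SAMPLE = {
    "versioning": {"Status": "Enabled"},
    "public_access": {"PublicAccessBlockConfiguration": dict.fromkeys(PAB_FLAGS, True)},
    "encryption": {"ServerSideEncryptionConfiguration": {"Rules": [
        {"ApplyServerSideEncryptionByDefault": {"SSEAlgorithm": "AES256"}}]}},
    "lifecycle": {"Rules": [{"ID": "abort-mpu", "Status": "Enabled", "Filter": {"Prefix": ""},
                             "AbortIncompleteMultipartUpload": {"DaysAfterInitiation": 3}}]},
}

if __name__ == "__main__":
    print(audit_bucket(**SAMPLE))
```
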

Synology NAS Cloud Sync Setup

  • Log into the Synology NAS.
  • create shared folder 'backups', no recycle bin if used for staff backups
  • create user 'backupuser'
  • create 'staff' group
  • give 'staff' group rw to 'backups' folder, add 'backupuser' to 'staff' group
  • set notifications
  • Go to Packages and install the 'Cloud Sync' and 'Storage Analyzer' packages.
  • Once installed, open the Cloud Sync app (NOT Cloud Station ShareSync).
  • Select S3 Storage from the cloud providers list.
  • Put in the Access Key and Secret Key and select the appropriate bucket from the drop down list.
  • Click 'Next' and then 'Apply'.
  • On the next screen under Local Path select the folder that you want to upload.
  • Under Remote Path create a folder off of the root to store the files in (example: veeam).
  • Change the sync direction to 'Upload Local Changes Only'.
  • Leave everything else at defaults and select 'Schedule'.
  • Modify the schedule to only sync files during off hours (unless syncing shared files).

Reference: https://objectivefs.com/howto/how-to-restrict-s3-bucket-policy-to-only-one-aws-s3-bucket