Synology NAS: Difference between revisions

Revision as of 16:35, 3 April 2020

Synology NAS S3 Access

User / Group / Policy Creation

Add User & Group

  • Add user by going to My Security Credentials (close pop-up) -> Users -> Add User.
  • Username is the library name.
  • Access type is programmatic.
  • On the next screen, add a Group (name is the verso code).
  • Skip 'Tags'.
  • On the last screen (Success), copy the Access Key ID and Secret Access Key (these will be used later) and store them in the password DB (under NAS info).

Add Policy

  • Go to Policies and Create Policy.
  • In the JSON tab, paste in the following code, modifying the 'Resource' fields (library Verso code + 'libnas') (example: xyzlibnas):
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:GetBucketLocation",
                "s3:ListAllMyBuckets"
            ],
            "Resource": "arn:aws:s3:::*"
        },
        {
            "Effect": "Allow",
            "Action": "s3:*",
            "Resource": [
                "arn:aws:s3:::xyzlibnas",
                "arn:aws:s3:::xyzlibnas/*"
            ]
        }
    ]
}
  • Under 'Review', name the policy (verso code + 'nas') and click 'Create Policy'.
  • Go to Groups and open the newly created group.
  • Under 'Permissions' tab, click 'Attach Policy'.
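
As an added example (not part of the original wiki page): a Python check that a policy pasted from the template above was edited for the right library, so that everything beyond the two list/location actions is scoped to that library's own bucket. The function names and the verso codes 'xyz' and 'abc' are assumptions for illustration.

```python
import json

# The two actions the page's template allows on every bucket (lower-cased:
# IAM action names are case-insensitive).
GLOBAL_ACTIONS = {"s3:getbucketlocation", "s3:listallmybuckets"}

# The policy from the page, unmodified (still names the example bucket).
PAGE_POLICY = """{"Version": "2012-10-17", "Statement": [
  {"Effect": "Allow",
   "Action": ["s3:GetBucketLocation", "s3:ListAllMyBuckets"],
   "Resource": "arn:aws:s3:::*"},
  {"Effect": "Allow", "Action": "s3:*",
   "Resource": ["arn:aws:s3:::xyzlibnas", "arn:aws:s3:::xyzlibnas/*"]}]}"""


def as_list(value):
    """IAM accepts a single value or a list for Statement/Action/Resource."""
    return list(value) if isinstance(value, list) else [value]


def check_policy(policy_json, verso_code):
    """Return a list of problems; empty means the policy fits the template."""
    bucket = f"arn:aws:s3:::{verso_code}libnas"
    expected = {bucket, bucket + "/*"}
    problems, covered = [], set()
    statements = as_list(json.loads(policy_json)["Statement"])
    for i, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow":
            continue
        actions = {a.lower() for a in as_list(stmt["Action"])}
        resources = set(as_list(stmt["Resource"]))
        if actions <= GLOBAL_ACTIONS:
            continue  # list/location only: the wildcard resource is expected
        outside = sorted(resources - expected)
        if outside:
            problems.append(f"statement {i}: {sorted(actions)} on {outside}")
        covered |= resources & expected
    missing = sorted(expected - covered)
    if missing:
        problems.append(f"no Allow statement covers {missing}")
    return problems


if __name__ == "__main__":
    print(check_policy(PAGE_POLICY, "xyz"))  # template as written
    print(check_policy(PAGE_POLICY, "abc"))  # 'Resource' not edited for 'abc'
```

Run it against the JSON before clicking 'Create Policy'; any output other than an empty list means the 'Resource' fields still point at another library's bucket or at a wildcard.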

S3 Bucket Creation

  • Go to S3 and 'Create Bucket'.
  • Bucket name is verso code + 'libnas'.
  • Region should be US East (N. Virginia).
  • Copy settings from another bucket (Bucklin for staff computer backups, Hamilton Co for shared file backups).
  • Enable 'Keep all versions of an object in the same bucket' on the next screen.
  • Modify tag to verso code.
  • Leave permissions on next screen as 'Block ALL Public Access'.
  • Review and 'Create'.
  • Once created, go into bucket and select the 'Properties' tab.
  • Enable server-side encryption (AES-256).
  • Under the Metrics sub-tab, edit (pencil icon) the name on the left sidebar and enable 'request metrics' and 'data transfer metrics' and click 'Save'.

Synology NAS Cloud Sync Setup

  • Log into the Synology NAS.
  • Create the shared folder 'backups' (no recycle bin if used for staff backups).
  • Create the user 'backupuser'.
  • Create the 'staff' group.
  • Give the 'staff' group read/write access to the 'backups' folder and add 'backupuser' to the 'staff' group.
  • Set notifications.
  • Go to Packages and install the 'Cloud Sync' and 'Storage Analyzer' packages.
  • Once installed, open the Cloud Sync app (NOT Cloud Station ShareSync).
  • Select S3 Storage from the cloud providers list.
  • Put in the Access Key and Secret Key and select the appropriate bucket from the drop down list.
  • Click 'Next' and then 'Apply'.
  • On the next screen under Local Path select the folder that you want to upload.
  • Under Remote Path create a folder off of the root to store the files in (example: veeam).
  • Change the sync direction to 'Upload Local Changes Only'.
  • Leave everything else at defaults and select 'Schedule'.
  • Modify the schedule to only sync files during off hours (unless syncing shared files).

Reference: https://objectivefs.com/howto/how-to-restrict-s3-bucket-policy-to-only-one-aws-s3-bucket