Tried out Wasabi today. They are a cloud storage provider to which you can store and access data as if it were Amazon S3. I am not too familiar with AWS as I have worked more with Azure so this was unfamiliar territory for me.
I wanted something I could point my Synology backups to and since Hyper Backup (the backup software on Synology) supports S3 it will support Wasabi too.
I signed up for a trial. Used the offer code TWIT as I heard about Wasabi on TWIT (not that the code gives you any perks). Enabled MFA as it’s always good to turn on MFA.
Then I created a bucket called “syn1backups”. Created a new user called “syn1” who has programmatic access (so it creates an API key). I safely noted the API key details when they were shown. I also created a group called “syn1backups” (in retrospect, should have gone with something better – I suck at naming things). Lastly I added user “syn1” to group “syn1backups”.
With me so far?
What I want to do now is use this “syn1” account for backups. So I have to give it access to the bucket I created. For this we need to make policies. I wish I could say the Wasabi documentation is great, but it’s not. Doesn’t look pretty and it’s more like notes (sort of like this blog post for instance) than user facing docs.
I created two policies. Call the first one “syn1FullAccess” (the name doesn’t matter):
|
1 2 3 4 5 6 7 8 9 10 11 12 13 |
{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": "s3:*", "Resource": [ "arn:aws:s3:::syn1backups", "arn:aws:s3:::syn1backups/*" ] } ] } |
It says allow all S3 sort of actions on the syn1backups bucket and all its contents. I applied this policy to the “syn1backups” group. So essentially it allows anyone in that group full S3 access to the bucket I created.
I called the second policy “AllowGroupToSeeBucketListInTheConsole” (again, the name doesn’t matter). This lets the group members enumerate the buckets and I based this on a policy I found in the Wasabi docs.
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 |
{ "Version": "2012-10-17", "Statement": [ { "Sid": "AllowGroupToSeeBucketListInTheConsole", "Effect": "Allow", "Action": [ "s3:ListAllMyBuckets", "s3:GetBucketVersioning" ], "Resource": "arn:aws:s3:::*" } ] } |
Now go to Synology, launch Hyper Backup, add S3 as your destination, change the S3 server to be a custom URL and put in the Wasabi URL based on the region of your bucket, then your access key etc., set signature as v4, choose the bucket from the dropdown, change the folder name if needed… and that’s it, you’re done!