So you want to use Synology’s Hyper Backup with S3, eh? And you’re looking for the specific AWS permissions required for it to work? While it would be just super if Synology documented the exact permissions required, unfortunately, they do not. Nor does the Hyper Backup application provide detailed error messages when required permissions are lacking. Instead, all you get is an ambiguous statement indicating that “some” permissions are missing. No kidding.

When I set up Hyper Backup the other day for the first time, I initially granted complete access to all of S3 - obviously not an ideal choice - just to get it working. Then I went through and systematically whittled out everything that wasn’t required. The policy below, I believe, contains only the permissions that are absolutely required.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": [
                "s3:ListAllMyBuckets",
                "s3:ListBucket"
            ],
            "Resource": "*"
        },
        {
            "Sid": "VisualEditor1",
            "Effect": "Allow",
            "Action": [
                "s3:PutObject",
                "s3:GetObjectAcl",
                "s3:GetObject",
                "s3:GetLifecycleConfiguration",
                "s3:PutBucketLogging",
                "s3:PutLifecycleConfiguration",
                "s3:GetBucketLogging",
                "s3:CreateBucket",
                "s3:DeleteObject",
                "s3:GetBucketAcl",
                "s3:GetBucketLocation"
            ],
            "Resource": [
                "arn:aws:s3:::your-bucket-name/*",
                "arn:aws:s3:::your-bucket-name"
            ]
        }
    ]
}

Post image by Freepik from flaticon.com.