QNAP NAS: Backup & Sync to Google Cloud Storage

I have a QNAP NAS at home which I use for file storage. It shares several folders with the family’s Mac, Linux, and Windows computers. Many of these files are are irreplaceable, especially our digital photos, so I back them up to the cloud. QNAP provides the Hybrid Backup and Sync application, which supports multiple cloud storage endpoints. QNAP also provides specific documentation for backing up and syncing to Google Cloud Storage. However, QNAP’s instructions don’t explain how to set up a Google Cloud Storage bucket destination, so here is the procedure I used to set up Google Cloud Storage to back up my QNAP NAS.

Google Cloud Platform Configuration

  1. Create a Google Cloud Platform account
    1. Requires a payment method, such as a credit card
    2. The project name and ID will be auto-created. Auto-generated IDs work fine (see below if you are getting an error about an “Invalid Project Id”)
  2. Create a custom role for the QNAP backup service account
    1. Google Cloud Console->IAM & Admin->Roles
    2. Click “+ Create Role”
    3. Set meaningful values for Title, Description, and ID
    4. Click “+ Add Permissions”
    5. In the field with light gray text that says “Filter table,” type in storage.buckets.list
    6. Click the check box next each of the following permissions, and then click Add:
      1. storage.buckets.get
      2. storage.buckets.list
      3. storage.buckets.update
    7. Click the “CREATE” button
  3. Create a service account
    1. Download key in P12 format
  4. Grant custom role to service account
    1. In Google Cloud Console, go to IAM & Admin->IAM
    2. Click the “+ADD” button at the top
    3. Paste in the service account email address (or start typing for auto-complete)
    4. In the “Select a role” drop-down, use auto-complete to add the custom role you just created (see screenshot below)
    5. Click SAVE
  5. Create a Google Cloud Storage bucket
    1. Nearline storage
    2. Multi-region in US
    3. Choose “Set permissions uniformly at bucket-level (Bucket Policy Only)”
  6. Grant permissions to service account on bucket
    1. Edit bucket permissions
    2. Click “Add members”
    3. Paste in email address of service account
    4. Select role “Storage Object Admin”
    5. Save

EDIT 2019-08-19: Updated required permissions; see above.

Add permission to Google Cloud IAM Role
Add a permission to Google Cloud IAM Role


If the QNAP Backup & Sync application gives you the error “Invalid project id” when connecting to Cloud Storage for the first time, it is not necessarily a problem with the project ID. There are a lot of misleading posts about this error on the QNAP Forums. Backup & Sync works fine with Google’s default project IDs. This error also happens when the service account you specified doesn’t have permission to list buckets. The procedure I outlined above prevents this problem by adding a custom role with the one required permission.

If you have a question or a suggestion to clarify the instructions, leave a comment and I will try to improve the instructions. Thanks!

6 thoughts on “QNAP NAS: Backup & Sync to Google Cloud Storage”

  1. Hi Craig Finch,
    I follow all the steps to configure my QNAP to Google Cloud Storage but i still get the Invalid Project Id Error Message.

    Are you able to give me a support by Team viewer?
    Thank you so much in advance

    1. I realized that I had to add additional IAM permissions for the service account. Please see my updated post above, and see if adding permissions to the role resolves your issue. If not, try adding the “Storage Object Admin” or “Storage Admin” role to the service account, and try the backup again. Generally, it’s not a good idea to give service accounts such broad permissions on a long-term basis.

  2. Hi Craig,
    I have followed all of the steps and am still getting a permissions error. This is more in completing the back-up process. The cloud storage space is added successfully without issues. Service account is added to bucket and all rules/permissions listed above are in place. When creating a back-up, I can get all the way to the “create” button when I get an error.

    Cannot upload to the cloud service. Permission denied.

    I have tried many things to get past this final step and with the many rules and permission options, I am having little luck. Can you possibly help?

  3. Hi Craig, thank you for you great guide. You solved my problem when I wanted to use a custom service account instead of the default one 😉

  4. A quick note of thanks for this post Craig, I found it helpful and it gave me good clues as I developed my understanding of the process.
    One suggestion for improvement would be to include some basic “why” information with your “what” guide. Why a custom role? and service account? for example. I’m guessing you’ve taken the path you’ve taken as it aligns with the philosophy of ‘asigning just enough Google Cloud resource to do the job’?
    Thanks again for a very helpful post.

    1. Tim, I’m glad I could help. You are correct that I am following the “principle of least access.” While it may be overkill for backing up your personal NAS, I usually use Google Cloud Platform for enterprise infrastructure, where the principle is essential.

Leave a Comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.