This page explains the access model for your Lobster Cloud environment. It covers how you access your system, what Lobster can and cannot access, and the security controls governing all access to the infrastructure.
Your access to the Lobster Data Platform
You access your Lobster Data Platform via a standard web browser over HTTPS on Port 443. No VPN, special client software, or browser plugins are required.
Aspect | Details |
|---|---|
Access method | Web browser via HTTPS (Port 443) |
Multiple users | Multiple users can work in parallel on the same system. |
Configuration | Complete system configuration is done through the web interface. |
Admin Console | Available on Port 9000. Requires IP-based authorization via Security Group. |
Initial Credentials
After your system is provisioned, you receive two separate emails from cloudportal@lobster.de:
Content | |
|---|---|
Email 1 | Your system URL (DNS name) and username |
Email 2 | Your initial password |
Credentials
The credentials are split across two emails for security reasons. Please change your system password immediately after your first login.
Lobster has no access to the web interface and does not know your credentials. The initial access credentials are generated automatically by the provisioning system and are not accessible to Lobster
What you cannot access
Lobster Cloud is a fully managed service. To maintain security, stability, and the integrity of the standardized environment, direct access to the underlying infrastructure is not available.
Restriction | Details |
|---|---|
No server access | You have no access to the Linux operating system, shell, or command line. |
No SSH/root access | No SSH connections, root privileges, or administrator access to the servers. |
No access to the cloud infrastructure | You have no direct access to the underlying AWS infrastructure. Access to the database and file system is exclusively handled through the Lobster Data Platform. Database operations, schema changes, and file access are fully supported through the application, but not through direct access at the infrastructure level. |
This approach ensures that the environment remains standardized, secure, and fully manageable by the Lobster Cloud Operations team. It also ensures that security patches, updates, and monitoring can be applied consistently across all customer environments.
Lobster cloud teams access controls
Lobster enforces strict role-based access control for all internal teams. Every access is authenticated with multi-factor authentication (MFA) and logged via AWS CloudTrail.
Role | Access scope | Permissions | MFA | Logging |
|---|---|---|---|---|
Cloud Operations | Complete iPaaS solution | Full access to all systems and services | Yes | Yes |
Customer Systems (Installation) | VM servers (limited) | Lobster Data Platform | Yes | Yes |
Support Runtime Team | VM servers and RDS (read-only) | Platform support; read-only access to database metrics | Yes | Yes |
Cloud Engineering | Complete Lobster Cloud | Hosting provisioning and third-level support | Yes | Yes |
Binding access policies
The following policies are binding for all Lobster employees and cannot be overridden:
Policy | Details |
|---|---|
No access to the web interface | Lobster employees do not have access to your Lobster Data Platform web interface or Admin console. |
Temporary access by request only | Should Lobster support need to investigate an issue within the platform, you can grant temporary access by providing credentials via a support ticket. Access will be revoked once the issue has been resolved. |
No data access | Lobster employees cannot view, copy, export, or modify your business data within the LDP. |
Log access only | The only data Lobster employees can access consists of system logs, operational metrics and infrastructure telemetry required for monitoring and troubleshooting. |
AWS IAM security
All administrative access to the AWS infrastructure is managed through AWS Identity and Access Management (IAM) with the following security measures in place. Access is granted on a role-based basis.
Measure | Details |
|---|---|
Multi-factor authentication | Mandatory for all AWS account access. |
Least-privilege principle | Each role receives only the minimum permissions required. |
Session timeouts | Sessions expire automatically after inactivity. |
Quarterly permission review | All IAM permissions are reviewed and recertified every quarter. |
Anomaly alerts | Unusual access patterns trigger automatic alerts via AWS GuardDuty and Arctic Wolf. |
Penetration testing
You are permitted to conduct your own penetration tests against your Lobster Cloud system. However, you must notify Lobster in advance before carrying out any tests. This ensures that the Lobster Cloud Operations team is aware of the activity and does not treat it as a security incident.
DDoS attacks are strictly prohibited. All penetration tests must comply with the AWS Penetration Testing policies, available at https://aws.amazon.com/security/penetration-testing/
To schedule a penetration test, create a support ticket to support@lobster.de including the planned test period, scope, and the IP addresses from which the test will be conducted.
System status transparency
The Lobster Cloud status page provides an overview of the current health of the Lobster Cloud infrastructure. Maintenance notifications and service disruptions are published here as they occur.
Details about the status page can be found here: System Status Page