We headed up to Tobermory early on Tuesday morning for the StaffaTours Staffa & Treshnish Isles wildlife tour which is only available during the summer until the Puffins leave Treshnish. We were fortunate to catch them as the guide told us it would likely only be a few more days before the pufflings fledged.

After we'd headed out from Tobermory the crew were alerted to a pod of dolphins a little off our route, so we took a slight detour to see them. It was amazing seeing them so close to the boat. We also saw a lot of sea birds and an otter bobbing along beside us.

Staffa

The name Staffa comes from the old Norse for stave or pillar island as the basalt columns that make up the island reminded the Vikings of their wood log houses. The island is formed by these 3-8 sided basalt columns giving it a really distinctive appearance similar to that of Giants Causeway.

We were dropped off at a jetty and then made our way up the stairway to the main part of the island - it was very busy around the jetty as it's the only way onto the island and a lot of the tours stop here. Me and Kai then headed across to the cairn and trig point at the top of the island on the side of the cliff over Fingal's cave.

After this we headed back over to meet Laura and Jessica to explore more of the other side of the island and then head down and round the coast to see the inside of Fingal's cave.

After this it was time to head back to the jetty to reboard the boat to head across to Lunga.

Lunga

Lunga is the largest of the Treshnish isles and the name comes from Norse "longship island". The boats pulled up against a floating jetty with a small rowing boat attached to it and we were wondering how we'd all get ashore from that, but then realised that the boat would push the floating jetty into the shore proving quite a neat set up.

From there we went up the steep path marked with a helpfully painted upward arrow to the cliff top where we found ourselves a spot to sit and have lunch just back from the puffin burrows in the long grass on the cliff edge. There we spent the rest of the afternoon puffin watching and it was magical seeing so many puffins flying in and diving into their burrows with food for their pufflings.

The presence of humans on the cliff top is apparently good for keeping the skuas away from stealing the puffins food, but we had to be careful to stay back from the burrows to avoid crushing them.

In a few days time the pufflings would fledge by jumping off the cliff in the dead of night and all of the puffins would gone - spending most of the year living out over the sea until they return again to breed next year

On the way back as we were heading in to Kilchoan (the west most village on the mainland) as the first drop off point we saw a pod of bottle nosed dolphins alongside the boat.

For our first day on Mull we decided we'd head out and explore the central loop of the island in the car following a route described in the brochure in the farmhouse. This gave us our first real insight to driving in Mull as most of the roads are single track with passing places - although the passing places are very frequent so you can almost always see one ahead of you. The route took us along between the mountains through forests and by lochs as we wound around the hilly landscape of central Mull.

We first went along following the valley through Glenmore and came up out of the forest to views overlooking the three lochs - Loch an Eilean, Loch an Ellen and Loch Airde - between Ben Buie and Creach Beinn.

We saw rocky shores where could imagine the otters would appear early in the day and majestic waterfalls as the water poured down from the mountains. We stopped for a lunch break near Traigh Doire Dhubhaig overlooking Eorsa and as it started to rain we had our picnic in the car.

We then headed back to the farmhouse for a bit, but decided as it was such a nice evening to head down the road to the local Duart Castle.

Scotland 2023

• 28 Jul - Glasgow
• 29 Jul - 5 Aug - Isle of Mull
  • 30 Jul - Central Mull
  • 31 Jul - Aros park
  • 1 Aug - Staffa & Lunga tour
  • 2 Aug - Iona
  • 3 Aug - Ulva
  • 4 Aug - Lochbuie
• Loch Lomond - 5 - 8 Aug
  • 6 Aug - Inversnaid

We met my parents at Avebury and spent the day exploring the ancient landscape around the area. Avebury is one of the best preserved Neolithic monuments in Europe and is believed to have been constructed between 3100 BC - 2000 BC. The site consists of a large henge, or circular ditch, surrounded by a stone circle, two inner circles and two additional semi-circles outside the main ring.

From there we walked along the West Kennet Avenue and up over the fields. As we reached the top, we started to see a glimpse of Silbury Hill - the largest artificial mound in Europe. We then headed down towards Silbury Hill and across to the West Kennet Long Barrow which is a really impressive structure. As we took in the sights of the long barrow and the views all around the landscape we watched the swallows flying into the barrow to catch flies.

This blog post will provide you an overview of our Lambda integration in API Connect on AWS, what you could use it for and a simple worked example of setting this up. If you’d prefer you can watch me demonstrate this in our video on YouTube.

Lambda is serverless computing platform provided by Amazon Web Services (AWS) which lets you build and deploy your code in a number of different programming languages with easy integrations to AWS services without having to manage infrastructure or servers. This makes it an ideal place to build out your API implementation and when you combine this with our API Connect on AWS SaaS offering you can quickly build, manage and socialise your APIs without worrying about the infrastructure behind them.

Using our Lambda policy in the SaaS service makes this simple and straight forward to integrate these so you can build out your apis around numerous different AWS services then manage them centrally through API Connect, sharing them with consumers through our customisable developer portal.

In order to manage the integration securely we use AWS Security Token Service (STS) so there is no need for you to give API Connect the credentials for your AWS account, you can just create an IAM role and grant permission for API Connect to assume that role.

The API Connect service is running in our AWS account and we have a fixed STS role that the service uses for each region:

In your AWS account you would set up a role that has permission to invoke your Lambda function(s) and set up the principal for the trust policy to be our service role and the external ID to be your provider org ID of your API Connect service instance. You can set this role to grant permission for just a single lambda function or multiple depending on what you need.

Within API Connect you will find the Lambda policy in the API Assembly editor on the Gateway tab along with all the other policies you can use to build out your API. The preferred model is to configure the lambda policy using the STS Assume Role option, however we do also support providing an Access Key ID and Secret Access Key. Then along with the credentials you just need to specify the name of the function and the region you have the lambda function deployed in.

To do this for yourself you can follow along with my simple worked example:

1. Create Lambda function

From the AWS Console, select Lambda then Create function - either start from scratch or make use of the ‘Hello World’ blueprint example. If you start from scratch and want to use the simple echo function I demonstrate in the video, give your function a name and select NodeJS as the Runtime - you can leave all the other settings the same unless your organisation has specific requirements around roles and permissions. Then click Create function.
Here is the code for the simple example from the video, which you can copy and paste into your function - alternatively you can use an existing function or write something more useful yourself:

export const handler = async(event) => {
    // TODO implement something more interesting here!  
    const response = event;
    return response;
};

After the code is updated in the function, click Deploy. Take a note of the function name and region your function is deployed in - both are part of the displayed function ARN - arn:aws:lambda:{{region}}:{{account}}:function:{{functionName}}

2. Create a role

Now you have the function created you will need to create a role to grant API Connect permission to assume which can invoke the function - for this, go to IAM and select Roles within the AWS Console.

• Select Create role
• Select Custom trust policy
• Update the trust policy to have set the Principal to the API Connect role for the region you are using (see the table above) and set the “Condition” to require an external ID of the provider org you are using in the API Connect service- you should have something like the following:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "Statement1",
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::623947394061:role/ibm-apiconnect-eu-central-a"
            },
            "Action": "sts:AssumeRole",
            "Condition": {
                "StringEquals": {
                    "sts:ExternalId": "ac51909e-a379-4153-a0e8-ef4a25a83405"
                }
            }
        }
    ]
}

Next, create a permission policy for the role to allow it to invoke lambda functions - something like this (you can also specify the function within the Resource field to limit which lambda functions API Connect can invoke):

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": "lambda:InvokeFunction",
            "Resource": "*"
        }
    ]
}

Now you have the Lambda function and Role configured we’re ready to start making use of this function within API Connect

3. Create your API in API Connect

To do this, open API Manager - if you don't already have a trial instance to use, you can create a free trial now.

• Select Develop APIs and Products.
• Create a new API using the Add button and selecting API (from REST, GraphQL or SOAP).
• Select New OpenAPI.
• Complete the details for the name and path and click Next.
• Confirm the security options and click Next.

Now you have completed the guide to create the basic API you can set up the OpenAPI specification for it as you would like before moving on to configure the implementation. To configure the implementation, select the Gateway tab, remove the default Invoke policy by hovering over it until you see the bin icon - and then click it.

You can now drag the Lambda policy across in its place and fill in the details from your Lambda policy as the parameters (role, function name and region).

Now you have the Lambda policy in place you can Save the API, and toggle the Online indicator to make the API available to test and then try it out under the Test tab.

There we have an API implemented end to end from a serverless function in AWS Lambda through to defining the OpenAPI spec for it and managing it in API Connect. You could now go on to share this API with Consumers through the Developer Portal, or continue to build out the functionality with additional policies first.

Try it for yourself by signing up for our free 30 day trial today.