Build a custom portal with embedded Amazon SageMaker AI MLflow Apps

2026-05-28 · Source: Artificial Intelligence · Field: Technology & Digital — Artificial Intelligence & Machine Learning, Cloud Computing & IT Infrastructure, Software Development & Engineering · Depth: Intermediate, long

Summary

This article details a scalable solution for embedding Amazon SageMaker AI MLflow Apps into a custom, SSO-integrated internal portal. It addresses challenges of distributing presigned URLs and managing individual AWS Management Console access for growing ML teams. The proposed architecture features a React front end that embeds the MLflow UI via an iframe, backed by a Flask reverse proxy running on Amazon EC2. This proxy handles AWS Signature Version 4 (SigV4) authentication using temporary IAM credentials, intercepts and signs requests, and rewrites MLflow URLs for seamless integration. An Application Load Balancer (ALB) serves as the single entry point, integrating with existing DNS and SSO. The entire stack is deployed using the AWS Cloud Development Kit (AWS CDK), enabling automated provisioning and simplified access to MLflow experiment tracking and model registry.

Key takeaway

For MLOps Engineers or AI Architects aiming to streamline MLflow access for large teams, this solution offers a robust pattern. By deploying a Flask reverse proxy with SigV4 authentication behind an ALB, you can provide a persistent, SSO-integrated portal to Amazon SageMaker AI MLflow Apps. This reduces onboarding time and operational overhead, ensuring data scientists have a consistent, secure experience. Consider integrating AWS WAF for rate limiting and ACM for HTTPS in production.

Key insights

A Flask reverse proxy with SigV4 authentication enables secure, scalable embedding of SageMaker MLflow Apps into custom SSO portals.

Principles

• Centralize MLflow access via SSO-integrated portals.
• Use a reverse proxy for AWS SigV4 authentication.
• Embed UIs via iframes for consistent experience.

Method

Deploy a React front end and Flask reverse proxy on EC2 behind an ALB using AWS CDK. The proxy intercepts, signs with SigV4, and forwards requests to SageMaker MLflow Apps, rewriting URLs.

In practice

• Embed MLflow UI in an iframe within a React app.
• Configure Flask to handle SigV4 signing and URL rewriting.
• Use AWS CDK for infrastructure as code deployment.

Topics

• Amazon SageMaker MLflow Apps
• AWS SigV4 Authentication
• Flask Reverse Proxy
• AWS CDK
• SSO Integration
• MLOps Infrastructure
• Experiment Tracking

Code references

• aws-samples/sample-sagemaker-mlflow-embedded-ui
• curl/curl
• aws-samples/sample-sagemaker-mlflow-embedded-ui

Best for: MLOps Engineer, AI Engineer, AI Architect

Related on AIssential

• Streamline external access to Amazon SageMaker MLflow using a REST API proxy — A Flask-based proxy enables secure HTTPS access to Amazon SageMaker MLflow, bypassing SDK restrictions for enterprise integration.
• End-to-end lineage with DVC and Amazon SageMaker AI MLflow apps — Integrating DVC, SageMaker AI, and MLflow provides full ML model traceability from data to deployment.
• Unity AI Gateway: How to Connect Agents to External MCPs Securely — Unity AI Gateway simplifies secure agent access to external tools by centralizing authentication and governance.
• SageMaker Pipelines: CI/CD for ML with Terraform — The provided content indicates an error page, stating "Apologies, but something went wrong on our end." It suggests refreshing the page, checking Medium's site status, or finding other content to read.
• The consolidated AWS ML Associate CheatSheet — 50 concepts you need to know — The AWS ML Associate exam emphasizes practical knowledge across core ML concepts and AWS service implementations.
• DagsHub now supports MLflow 3.x — MLflow 3.x shifts from run-centric to model-centric tracking, improving GenAI observability and evaluation.

Open in AIssential →

Editorial summary, takeaway, and curation by AIssential. Original article published by Artificial Intelligence.