AWS shows Flask proxy for HTTPS access to SageMaker MLflow

AWS Machine Learning teams often use MLflow to manage the ML lifecycle, but many enterprises face integration challenges due to security policies and network restrictions that prevent direct SDK usage. To address this, AWS published a post demonstrating how to build a secure, lightweight Flask-based MLflow proxy service that provides HTTPS access to Amazon SageMaker MLflow. The solution eliminates the need for the MLflow SDK, enabling organizations to integrate MLflow with existing systems while preserving their security and infrastructure patterns.

The architecture consists of three components: an AWS Application Load Balancer (ALB) for traffic distribution and SSL termination, a Python Flask application that handles authentication via AWS IAM, URL pre-signing, and request transformation, and Amazon SageMaker MLflow (both managed Tracking Server and serverless MLflowApp modes). The request flow involves clients sending HTTPS requests to the ALB, which routes them to the Flask proxy. The proxy transforms requests into authenticated AWS API calls, pre-signs URLs, and communicates with SageMaker MLflow endpoints. This setup allows secure, standards-based integration without modifying existing enterprise workflows, reducing implementation complexity and maintenance overhead.