
Commit 1bf79f7

Refactor Route 53 and VPC health check recommendations
Removed health check recommendations for Route 53 and Bedrock VPC configuration due to redundancy and updated focus on primary records and security groups.
1 parent 0f02141 commit 1bf79f7

1 file changed

Lines changed: 0 additions & 12 deletions

articles/defender-for-cloud/recommendations-reference-networking.md

@@ -466,12 +466,6 @@ Unless a port is specifically allowed, the port should deny unrestricted access.
466466

467467
**Severity**: Low
468468

469-
### Health Checks should be enabled for Route 53
470-
471-
**Description**: Defender for Cloud identified that health checks are not enabled on your Route 53 resources. Health checks are periodic tests that monitor the availability and performance of DNS endpoints, ensuring traffic is routed only to responsive servers. Without them, you risk directing traffic to unresponsive or underperforming endpoints, which could lead to service disruptions and extended downtime.
472-
473-
**Severity**: High
474-
475469
### Health checks should be enabled for primary records on Route53 Hosted zones
476470

477471
**Description**: Defender for Cloud identified a Route 53 failover PRIMARY record without an enabled health check. Health checks are required to validate endpoint availability during failover. Without these checks, traffic may be inadvertently routed to endpoints that are unresponsive or compromised, increasing the risk of service disruption and reduced reliability.
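Review bot: This hunk drops a Severity High recommendation ("Health Checks should be enabled for Route 53", which covered Route 53 resources in general) and keeps only the narrower failover PRIMARY-record recommendation rated Medium, so the page no longer documents any finding for non-failover Route 53 records; if the general check still exists in the product, its reference entry is now missing, and if it was retired, a short deprecation note here would save readers who still see the finding in the portal. Separately, the retained heading reads "Route53 Hosted zones" while the description on the same hunk says "Route 53"; spell the service name consistently ("Route 53").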
@@ -484,12 +478,6 @@ Unless a port is specifically allowed, the port should deny unrestricted access.
484478

485479
**Severity**: Medium
486480

487-
### Multiple subnets across different Availability Zones should be configured in the Bedrock VPC configuration
488-
489-
**Description**: Defender for Cloud identified that your Bedrock VPC configuration uses a single subnet in one Availability Zone. A subnet is a segment of a VPC and confining endpoints to one zone creates a single point of failure. This means that if the zone goes down, your Bedrock services become unreachable. Configuring multiple subnets in different Availability Zones is necessary to ensure high availability and protect against outages.
490-
491-
**Severity**: Low
492-
493481
### Network isolation should be enabled for AWS SageMaker models
494482

495483
**Description**: Defender for Cloud identified that AWS SageMaker models are not using network isolation. Network isolation confines models to a private network environment, preventing direct communication with public internet resources. Without this isolation, your models risk exposure to unauthorized access and potential data interception during training and inference activities.
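Review bot: The commit message says the change shifts focus to "security groups", but this hunk only deletes the Bedrock multi-AZ subnet recommendation and adds nothing about security groups, so either the message overstates the change or the security-group text belongs in this commit. The removed entry was an availability recommendation (single Availability Zone as a single point of failure) rather than a confidentiality or access control, so dropping it from a networking security reference is defensible, but as with the Route 53 deletion above, a one-line deprecation note would let readers who still encounter the recommendation find an explanation rather than a missing heading between "Unless a port is specifically allowed" and "Network isolation should be enabled for AWS SageMaker models".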
