
Commit 106888a

Merge pull request #96250 from odbergma/patch-1
Update mdfc-recs-aws-data.md
2 parents 5a82626 + 32ac91e commit 106888a

1 file changed: +1 -1 lines changed

includes/mdfc/mdfc-recs-aws-data.md

Lines changed: 1 addition & 1 deletion
@@ -44,7 +44,7 @@ There are **61** AWS recommendations in this category.
4444
|[DynamoDB tables should have point-in-time recovery enabled](https://portal.azure.com/#blade/Microsoft_Azure_Security/RecommendationsBlade/assessmentKey/cc873508-40c1-41b6-8507-8a431d74f831) |This control checks whether point-in-time recovery (PITR) is enabled for an Amazon DynamoDB table. <br> Backups help you to recover more quickly from a security incident. They also strengthen the resilience of your systems. DynamoDB point-in-time recovery automates backups for DynamoDB tables. It reduces the time to recover from accidental delete or write operations. <br> DynamoDB tables that have PITR enabled can be restored to any point in time in the last 35 days. |Medium |
4545
|[EBS default encryption should be enabled](https://portal.azure.com/#blade/Microsoft_Azure_Security/RecommendationsBlade/assessmentKey/56406d4c-87b4-4aeb-b1cc-7f6312d78e0a) |This control checks whether account-level encryption is enabled by default for Amazon Elastic Block Store(Amazon EBS).<br> The control fails if the account level encryption is not enabled.<br>When encryption is enabled for your account, Amazon EBS volumes and snapshot copies are encrypted at rest. This adds an additional layer of protection for your data.<br>For more information, see <a href='https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html#encryption-by-default'>Encryption by default</a> in the Amazon EC2 User Guide for Linux Instances.<br>Note that following instance types do not support encryption: R1, C1, and M1. |Medium |
4646
|[Elastic Beanstalk environments should have enhanced health reporting enabled](https://portal.azure.com/#blade/Microsoft_Azure_Security/RecommendationsBlade/assessmentKey/4170067b-345d-47ed-ab4a-c6b6046881f1) |This control checks whether enhanced health reporting is enabled for your AWS Elastic Beanstalk environments.<br>Elastic Beanstalk enhanced health reporting enables a more rapid response to changes in the health of the underlying infrastructure. These changes could result in a lack of availability of the application.<br>Elastic Beanstalk enhanced health reporting provides a status descriptor to gauge the severity of the identified issues and identify possible causes to investigate. The Elastic Beanstalk health agent, included in supported Amazon Machine Images (AMIs), evaluates logs and metrics of environment EC2 instances. |Low |
47-
|[Elastic Beanstalk managed platform updates should be enabled](https://portal.azure.com/#blade/Microsoft_Azure_Security/RecommendationsBlade/assessmentKey/820f6c6e-f73f-432c-8c60-cae1794ea150) |his control checks whether managed platform updates are enabled for the Elastic Beanstalk environment.<br>Enabling managed platform updates ensures that the latest available platform fixes, updates, and features for the environment are installed. Keeping up to date with patch installation is an important step in securing systems. |High |
47+
|[Elastic Beanstalk managed platform updates should be enabled](https://portal.azure.com/#blade/Microsoft_Azure_Security/RecommendationsBlade/assessmentKey/820f6c6e-f73f-432c-8c60-cae1794ea150) |This control checks whether managed platform updates are enabled for the Elastic Beanstalk environment.<br>Enabling managed platform updates ensures that the latest available platform fixes, updates, and features for the environment are installed. Keeping up to date with patch installation is an important step in securing systems. |High |
4848
|[Elasticsearch domain error logging to CloudWatch Logs should be enabled](https://portal.azure.com/#blade/Microsoft_Azure_Security/RecommendationsBlade/assessmentKey/f48af569-2e67-464b-9a62-b8df0f85bc5e) |This control checks whether Elasticsearch domains are configured to send error logs to CloudWatch Logs.<br>You should enable error logs for Elasticsearch domains and send those logs to CloudWatch Logs for retention and response. Domain error logs can assist with security and access audits, and can help to diagnose availability issues. |Medium |
4949
|[Elasticsearch domains should be configured with at least three dedicated master nodes](https://portal.azure.com/#blade/Microsoft_Azure_Security/RecommendationsBlade/assessmentKey/b4b9a67c-c315-4f9b-b06b-04867a453aab) |This control checks whether Elasticsearch domains are configured with at least three dedicated master nodes. This control fails if the domain does not use dedicated master nodes. This control passes if Elasticsearch domains have five dedicated master nodes. However, using more than three master nodes might be unnecessary to mitigate the availability risk, and will result in additional cost.<br>An Elasticsearch domain requires at least three dedicated master nodes for high availability and fault-tolerance. Dedicated master node resources can be strained during data node blue/green deployments because there are additional nodes to manage. Deploying an Elasticsearch domain with at least three dedicated master nodes ensures sufficient master node resource capacity and cluster operations if a node fails. |Medium |
5050
|[Elasticsearch domains should have at least three data nodes](https://portal.azure.com/#blade/Microsoft_Azure_Security/RecommendationsBlade/assessmentKey/994cbcb3-43d4-419d-b5c4-9adc558f3ca2) |This control checks whether Elasticsearch domains are configured with at least three data nodes and zoneAwarenessEnabled is true.<br>An Elasticsearch domain requires at least three data nodes for high availability and fault-tolerance. Deploying an Elasticsearch domain with at least three data nodes ensures cluster operations if a node fails. |Medium |
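
Review bot: The unchanged EBS default encryption row at line 45 still carries copy errors of the same kind as the one fixed at line 47, and they could be corrected in this patch: "Elastic Block Store(Amazon EBS)" is missing a space before the parenthesis, "account level encryption" is unhyphenated where the preceding sentence uses "account-level", and "Note that following instance types" is missing "the". That row also links with a raw <a href='...'> tag while every other link visible in the table is a Markdown link. Separately, at line 49 the sentence "This control passes if Elasticsearch domains have five dedicated master nodes" reads as though five were required, which sits oddly against the "at least three" in the recommendation title; it is worth rewording or checking against the upstream control text.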
