Data stored in the Elasticache Replication Group is not encrypted in-transit which could expose sensitive customer data.
In AWS Console -
To enable in-transit encryption when creating a replication group using the AWS Console, make the following selections:
In Terraform -
References:
https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/in-transit-encryption.html
https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/elasticache_replication_group#transit_encryption_enabled