When creating Redis replication groups in ElastiCache, encryption can be enabled for data in transit. This can help protect sensitive data while it is being transmitted from one system to another. For more information, see the AWS documentation.
References:
https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/in-transit-encryption.html
To enable authentication on an existing Redis server, call the ModifyReplicationGroup API operation. Call ModifyReplicationGroup with the --auth-token parameter as the new token and the --auth-token-update-strategy with the value ROTATE. After the modification is complete, the cluster supports the AUTH token specified in the auth-token parameter in addition to supporting connecting without authentication. Enabling authentication is only supported on Redis servers with encryption in transit (TLS) enabled.
In Terraform -
References:
https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/auth.html
https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/elasticache_replication_group