Not configuring AWS Load balancer to have one target group listening on HTTPS ensures end-to-end encryption is not enabled. This could impact the confidentiality of data in transit.
In the console, a target group's protocol can only be set upon creation. To change the protocol, simply create a new target group and add the targets to that group. Once the configuration is complete, associate with the appropriate load balancer.
In AWS Console -
In Terraform -
References:
https://docs.aws.amazon.com/elasticloadbalancing/latest/application/create-target-group.html
https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lb_target_group