AWS ElasticSearch Domains have node-to-node encryption disabled which may expose sensitive customer data.
In AWS Console -
In Terraform -
References:
https://docs.aws.amazon.com/opensearch-service/latest/developerguide/ntn.html
https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/elasticsearch_domain#node_to_node_encryption