Data stored in the AWS Elasticache Replication Group is not encrypted at-rest which could expose sensitive customer data.
In AWS Console -
To enable at-rest encryption when creating a replication group using the AWS Console, make the following selections:
In Terraform -
References:
https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/at-rest-encryption.html#at-rest-encryption-enable
https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/elasticache_replication_group#at_rest_encryption_enabled