diff --git a/.changelog/42712.txt b/.changelog/42712.txt
new file mode 100644
index 000000000000..85b7a9562dfb
--- /dev/null
+++ b/.changelog/42712.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+resource/aws_elasticache_user: Ignore no-op changes from authentication mode `no-password` to `no-password-required`
+```
diff --git a/internal/service/elasticache/user.go b/internal/service/elasticache/user.go
index 0fdebf1c2773..56999c99939d 100644
--- a/internal/service/elasticache/user.go
+++ b/internal/service/elasticache/user.go
@@ -80,6 +80,14 @@ func resourceUser() *schema.Resource {
 							Type:             schema.TypeString,
 							Required:         true,
 							ValidateDiagFunc: enum.Validate[awstypes.InputAuthenticationType](),
+							DiffSuppressFunc: func(k, old, new string, d *schema.ResourceData) bool {
+								// AWS uses different values for input and output of the auth type, ignore equivalent values
+								if old == string(awstypes.AuthenticationTypeNoPassword) &&
+									new == string(awstypes.InputAuthenticationTypeNoPassword) {
+									return true
+								}
+								return false
+							},
 						},
 					},
 				},
diff --git a/internal/service/elasticache/user_test.go b/internal/service/elasticache/user_test.go
index 37baf18e2114..1c3dfd291ae2 100644
--- a/internal/service/elasticache/user_test.go
+++ b/internal/service/elasticache/user_test.go
@@ -129,6 +129,40 @@ func TestAccElastiCacheUser_iamAuthMode(t *testing.T) {
 	})
 }
 
+func TestAccElastiCacheUser_noPasswordAuthMode(t *testing.T) {
+	ctx := acctest.Context(t)
+	var user awstypes.User
+	rName := sdkacctest.RandomWithPrefix("tf-acc")
+	resourceName := "aws_elasticache_user.test"
+
+	resource.ParallelTest(t, resource.TestCase{
+		PreCheck:                 func() { acctest.PreCheck(ctx, t) },
+		ErrorCheck:               acctest.ErrorCheck(t, names.ElastiCacheServiceID),
+		ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories,
+		CheckDestroy:             testAccCheckUserDestroy(ctx),
+		Steps: []resource.TestStep{
+			{
+				Config: testAccUserConfigWithNoPasswordAuthMode_basic(rName),
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckUserExists(ctx, resourceName, &user),
+					resource.TestCheckResourceAttr(resourceName, "user_id", rName),
+					resource.TestCheckResourceAttr(resourceName, names.AttrUserName, rName),
+					resource.TestCheckResourceAttr(resourceName, names.AttrEngine, "redis"),
+					resource.TestCheckResourceAttr(resourceName, "authentication_mode.0.type", "no-password"),
+				),
+			},
+			{
+				ResourceName:      resourceName,
+				ImportState:       true,
+				ImportStateVerify: true,
+				ImportStateVerifyIgnore: []string{
+					"no_password_required",
+				},
+			},
+		},
+	})
+}
+
 func TestAccElastiCacheUser_update(t *testing.T) {
 	ctx := acctest.Context(t)
 	var user awstypes.User
@@ -490,6 +524,21 @@ resource "aws_elasticache_user" "test" {
 `, rName)
 }
 
+func testAccUserConfigWithNoPasswordAuthMode_basic(rName string) string {
+	return fmt.Sprintf(`
+resource "aws_elasticache_user" "test" {
+  user_id       = %[1]q
+  user_name     = %[1]q
+  access_string = "on ~app::* -@all +@read +@hash +@bitmap +@geo -setbit -bitfield -hset -hsetnx -hmset -hincrby -hincrbyfloat -hdel -bitop -geoadd -georadius -georadiusbymember"
+  engine        = "redis"
+
+  authentication_mode {
+    type = "no-password-required"
+  }
+}
+`, rName)
+}
+
 func testAccUserConfig_update(rName string) string {
 	return fmt.Sprintf(`
 resource "aws_elasticache_user" "test" {