How to access RDS in a private subnet, for both Linux and Windows

You should never expose your database outside of your private network.

Let’s use RDS as an example. To access an RDS instance, you need a bastion (also called a jumpbox). It can be as simple as an EC2 instance that has a public interface.

One way to do this is with an SSH tunnel:

ssh -L5432:dbname.chkc3gsh6ctw.ap-southeast-2.rds.amazonaws.com:5432 ec2-user@13.114.79.101 -i ~/keys/jumpbox.pem
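A hardened form of the tunnel above, with a check that the forwarded port is listening on loopback only; this is an added example, not code from the original post. The host names, key path and `ss -ltn` sample are constructed placeholders, and `tunnel_cmd` and `exposed_listeners` are names made up for this illustration.

```shell
#!/bin/sh
# Added example. Host names, key path and the ss sample are constructed placeholders.

# Print (not run) an ssh command that forwards a loopback-only local port
# to the database through the bastion.
# Usage: tunnel_cmd LOCAL_PORT DB_HOST DB_PORT USER@BASTION KEY_FILE
tunnel_cmd() {
  for p in "$1" "$3"; do
    case $p in ''|*[!0-9]*) echo "invalid port: $p" >&2; return 1 ;; esac
    if [ "$p" -lt 1 ] || [ "$p" -gt 65535 ]; then
      echo "port out of range: $p" >&2; return 1
    fi
  done
  # -N: no remote shell, forwarding only.
  # ExitOnForwardFailure: fail instead of connecting without the tunnel.
  # IdentitiesOnly: offer only the key given with -i.
  # 127.0.0.1: bind address, so other hosts on the LAN cannot use the forward.
  printf 'ssh -N -o ExitOnForwardFailure=yes -o IdentitiesOnly=yes -i %s -L 127.0.0.1:%s:%s:%s %s\n' \
    "$5" "$1" "$2" "$3" "$4"
}

# Read `ss -ltn` output on stdin and print every non-loopback address
# listening on PORT. No output means the tunnel is reachable only locally.
# Usage: ss -ltn | exposed_listeners PORT
exposed_listeners() {
  awk -v port="$1" '
    $1 == "LISTEN" {
      addr = $4; p = $4
      sub(/.*:/, "", p)           # port: text after the last colon
      sub(/:[^:]*$/, "", addr)    # address: text before the last colon
      if (p == port && addr !~ /^127\./ && addr != "[::1]") print addr
    }'
}

# Constructed sample: 5432 is bound correctly, 15432 is bound to all interfaces
# (what -g or GatewayPorts yes would produce).
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    127.0.0.1:5432     0.0.0.0:*
LISTEN 0      128    [::1]:5432         [::]:*
LISTEN 0      128    0.0.0.0:15432      0.0.0.0:*'

tunnel_cmd 5432 db.example.internal 5432 ec2-user@bastion.example.com ~/keys/jumpbox.pem
printf '%s\n' "$SAMPLE_SS" | exposed_listeners 15432
```

On a live workstation, run `ss -ltn | exposed_listeners 5432` after opening the tunnel; any output means the database port is reachable from other hosts through your machine.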

If you aren’t familiar with Linux, you could just create a Windows box in a public subnet and RDP into the Windows jumpbox. Then install whatever client you need and access the database from there.