You can specify that Autonomous Database uses a private endpoint inside your Virtual Cloud Network (VCN) in your tenancy. You can configure a private endpoint during provisioning or cloning your Autonomous Database, or you can switch to using private endpoints in existing databases that use public endpoints. This allows you to keep all traffic to and from your Autonomous Database off of the public internet.

Specifying the Private endpoint access only configuration option only allows traffic from the VCN you specify and blocks access to the database from all public IPs or VCNs. This allows you to define security rules, ingress/egress, at the Network Security Group (NSG) level and to control traffic to your database.

Select the Allow public access option when you want to configure an Autonomous Database to use a private endpoint and you also want to allow connections from specific public IP addresses or from specific VCNs (if the VCNs are configured to privately connect to Autonomous Database using a Service Gateway).

See Configure Network Access with Private Endpoints for the steps for configuring network access with a private endpoint, either when you provision or clone your database or when you modify a private endpoint.