Best Practice for custom DB Allow Lists

Has anyone connected a custom DB running in AWS using whitelisted IPs?

For authentication, we have decided to use a custom DB with whitelisted IPs.
Our DB setup is SQL Server running in an AWS EC2 Windows Server instance.
Currently this server is running in a private subnet.
To allow the Auth0 whitelisted connection, one approach is:

- Use the existing VPC
- Use the existing subnet but convert it to allow external connections by:
  - Adding an Elastic IP address associated with the EC2 instance
  - Creating a dedicated IGW for the external connection
  - Creating a security group associated with the DB instance, with its inbound rules set to allow access only from the Auth0 whitelisted IPs

Then connect via a DB user with a locked down role.

Is there a more secure way to do this?
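The security-group step in the post above is where the exposure is decided, so the following is an added example (not code from the original post or from Auth0) of building the inbound rule set for TCP 1433 from an allow-list and auditing an existing rule set against it. The CIDRs in `AUTH0_ALLOW_LIST` are constructed placeholders, not Auth0's published addresses; the dict shape mirrors the `IpPermissions` structure the EC2 API uses, but nothing here calls AWS, so it runs offline.

```python
"""Build and audit EC2 security-group ingress rules for a SQL Server instance
that should accept connections only from an identity provider's published
allow-list. Added example, not from the original post; CIDRs are placeholders."""
import ipaddress
from typing import Dict, List

MSSQL_PORT = 1433

# Constructed placeholder allow-list; replace with the provider's published list.
AUTH0_ALLOW_LIST = ["198.51.100.0/24", "203.0.113.10/32"]


def build_ingress(cidrs: List[str], port: int = MSSQL_PORT) -> List[Dict]:
    """Return an IpPermissions-style list with one entry per CIDR, restricted
    to a single TCP port. Malformed or open-world CIDRs are rejected up front
    so they never reach the API call."""
    perms = []
    for c in cidrs:
        net = ipaddress.ip_network(c, strict=True)  # raises on host bits set / bad input
        if net.prefixlen == 0:
            raise ValueError(f"refusing open-world CIDR {c}")
        perms.append({
            "IpProtocol": "tcp",
            "FromPort": port,
            "ToPort": port,
            "IpRanges": [{"CidrIp": str(net), "Description": "IdP allow-list"}],
        })
    return perms


def audit_ingress(perms: List[Dict], allowed: List[str], port: int = MSSQL_PORT) -> List[str]:
    """Return findings for any rule broader than 'port/tcp from the allow-list'.
    An empty list means the rule set matches least privilege for this DB."""
    findings = []
    allowed_nets = [ipaddress.ip_network(a) for a in allowed]
    for p in perms:
        # "-1" means all protocols; a missing port also means all ports.
        if p.get("IpProtocol") != "tcp" or p.get("FromPort") != port or p.get("ToPort") != port:
            findings.append(f"rule is not limited to {port}/tcp: {p}")
        for r in p.get("IpRanges", []):
            net = ipaddress.ip_network(r["CidrIp"])
            if net.prefixlen == 0:
                findings.append(f"open to the world: {r['CidrIp']}")
            elif not any(a.version == net.version and net.subnet_of(a) for a in allowed_nets):
                findings.append(f"CIDR not in allow-list: {r['CidrIp']}")
    return findings


if __name__ == "__main__":
    rules = build_ingress(AUTH0_ALLOW_LIST)
    print("findings on generated rules:", audit_ingress(rules, AUTH0_ALLOW_LIST))
    # Constructed example of a rule set that drifted open over time.
    drifted = rules + [{"IpProtocol": "tcp", "FromPort": 1433, "ToPort": 1433,
                        "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]
    print("findings on drifted rules:", audit_ingress(drifted, AUTH0_ALLOW_LIST))
```

Running `audit_ingress` on the live rule set (pulled with `describe_security_groups`) on a schedule catches the usual drift: a temporary `0.0.0.0/0` rule added for troubleshooting, or a rule that quietly widened to all ports.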