I wrote about bastion usage a long time ago. The use of jump hosts is very common. It seems obvious from a security point of view that you want to hide compute instances or database servers in private networks, but there should still be a secure way to access them, especially when you are using end-to-end automation in Terraform, using remote-exec with the null provider. Recently in OCI, this has been simplified. There is no need to create yet another VM to jump through. Natively you have a service called OCI Bastion Service. It is available in the OCI Console in the Identity & Access Management section. OCI Bastion Service can also be deployed with Terraform. Below you can find a video about it and a link to the GitHub repository.
Martin, The Cook.
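The setup described above, as an added Terraform sketch that is not the code from the author's repository: a bastion restricted to one client CIDR, a short-lived managed SSH session, and a remote-exec run through it. All variable names, the resource labels, the `203.0.113.0/24` range and the `opc` user are assumptions to replace with your own values.

```hcl
# Placeholder inputs (assumed names, not from the original post).
variable "compartment_ocid" {}
variable "region" {}
variable "private_subnet_ocid" {}
variable "target_instance_ocid" {}
variable "target_private_ip" {}
variable "ssh_public_key" {}
variable "ssh_private_key" { sensitive = true }

resource "oci_bastion_bastion" "example" {
  bastion_type     = "STANDARD"
  compartment_id   = var.compartment_ocid
  target_subnet_id = var.private_subnet_ocid
  name             = "examplebastion"
  # Only this source range may open sessions; do not use 0.0.0.0/0.
  client_cidr_block_allow_list = ["203.0.113.0/24"] # documentation range, replace
  max_session_ttl_in_seconds   = 1800
}

# Managed SSH requires the Bastion plugin enabled in the target's Oracle Cloud Agent.
resource "oci_bastion_session" "example" {
  bastion_id             = oci_bastion_bastion.example.id
  display_name           = "terraform-remote-exec"
  key_type               = "PUB"
  session_ttl_in_seconds = 1800
  key_details { public_key_content = var.ssh_public_key }
  target_resource_details {
    session_type                               = "MANAGED_SSH"
    target_resource_id                         = var.target_instance_ocid
    target_resource_operating_system_user_name = "opc"
    target_resource_port                       = 22
    target_resource_private_ip_address         = var.target_private_ip
  }
}

resource "null_resource" "provision" {
  connection {
    type        = "ssh"
    host        = var.target_private_ip # private address, never exposed publicly
    user        = "opc"
    private_key = var.ssh_private_key
    # The session OCID is the SSH user on the regional bastion endpoint.
    bastion_host        = "host.bastion.${var.region}.oci.oraclecloud.com"
    bastion_user        = oci_bastion_session.example.id
    bastion_private_key = var.ssh_private_key
  }
  provisioner "remote-exec" { inline = ["hostname"] }
}
```

The session expires after its TTL, so a later `terraform apply` that needs remote-exec again must recreate the session resource.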