A secure computer that acts as a gateway for accessing private servers that aren't exposed to the internet. Like a security checkpoint at a building entrance - you must go through it to reach the protected areas inside.
Instead of giving your database server a public IP address, you connect to a Bastion Host first, then securely access the database from there. Azure Bastion, AWS Session Manager, and GCP IAP all provide this service.
All provide a controlled way to reach private resources without exposing them to the public internet. Azure Bastion and OCI Bastion offer managed jump-host access to VMs over SSH/RDP without public IPs. AWS Session Manager provides browser/CLI-based shell access to instances via the SSM agent and IAM, often eliminating inbound SSH. GCP IAP TCP forwarding lets you reach VMs over SSH/RDP through Google’s proxy with IAM-based access and no public IP required.