You can specify that Autonomous Database uses a private endpoint inside your Virtual Cloud Network (VCN) in your tenancy. You can configure a private endpoint during provisioning or cloning your Autonomous Database, or you can switch to using private endpoints in existing databases that use public endpoints. This allows you to keep all traffic to and from your Autonomous Database off of the public internet.
Specifying the Virtual cloud network configuration option only allows traffic from the VCN you specify and blocks access to the database from all public IPs or VCNs. This allows you to define security rules, ingress/egress, at the Network Security Group (NSG) level and to control traffic to your database.
See Configuring Network Access with Private Endpoints for the steps for configuring network access private endpoints, either when you provision or clone your database, or whenever you want to add, modify or remove private endpoints.