To make a db reachable on the public Internet you would need to make the subnet it is in public (by adding an internet gateway) and then adding the rds resource flags to make your db publicly accessible.
This of course is not very secure, so you would minimally want to add ip whitelisted security groups attached to the db.
Alternatively, you can do the bastion host setup as mentioned above, put that into a public subnet and add security group rules that allow communication between the host and the db. Also, make sure that there are no subnet nacls that block traffic, by default there aren’t any.
If you do the bastion host, you can then do a forwarded port on your system from the db port to the host forwarding it to the db, then use your pg client to connect to localhost which will forward that to the db.
NAT is only for outbound access of hosts in a private subnet so they can make outbound calls, but they don’t allow in traffic.
Bastion host is the preferred, open db is a bad idea.