In an AWS use case, is there any standard practice to securely open a DocDB (running in a private subnet) port to whitelisted public IPs?
You can’t assign public IPs to instances running in private subnets. That’s why they are private.
What you do is to put a load balancer onto a public subnet, and attach it to the instances running in the private subnet. You create a whitelist as a security group and apply the security group to the load balancer.
You should use an application load balancer, and assign a DNS domain name and certificate to it, permitting your external users to access it via HTTPS and with a name, e.g.
https://docdb.myorg.com
If you want to only access via IP address from the outside world then you use a network load balancer with elastic IPs connected to it. NLB does not give you HTTPS access, so you have to manage encryption directly on the EC2 instances.