Permission in AWS LB

How can I allow a CIDR in an AWS LB without using an exit-node?

For example, I run Tailscale with these tags:

tailscale up --advertise-routes=,, --accept-dns=false

and with that I can access the private ips and RDS.

How is it possible to do the same thing in a public subnet?

If I use an exit-node, it works.