I would first try to contact the vendor and explain to them what occurred so that they would re-do your license to allow you to move your scanner to where it should be. Most, if not all would do this.
Secondly, I don’t want to misinterpret things here, but when you state “due to limitations on Gov cloud” I am interpreting this to mean you do not have appropriate permissions. I am going to err on the side of caution with this statement: Make sure you have full authority, rights, and permissions to install something on this instance otherwise you are likely breaking laws. I can see no reason for you not to have permissions if it is part of your role.
Now on to the IDS question/portion. Most IDS portions rely on logging information (event logs, syslogs, etc) to generate “events.” These events are thereby acted on (an alert is sent, alarms triggered, etc). Your goal seems to be to get this data from point A to point B. The optimal of doing this would be to create some form of encrypted communication session to transport data to and from each machine. To do this, I would use a VPN session/tunnel as opposed to putting a public address on a machine that likely shouldn’t have a public address.
The downsides of putting on a public address is that you make your machine a target. In doing so (configuring a public address) you would then need to create two firewall rules on each location to minimize connectivity from unauthorized locations. This creates more work, more configuring, more room for error.
If you CANNOT get the vendor to address changing the vulnscanner/IDS licensing, I would do the following:
IDS SYSTEM —> VPN TUNNEL —> GOV MACHINE
This encrypts data to and from, and depending on how you configure your connection (site to site, roaming) will allow you to avoid creating firewall rules on both ends. Determine what it is the IDS is looking for (syslog, event logs, etc) and configure the client to send those to the IDS server in a secure fashion (via VPN). It is not that complicated.
