A best practice is to audit connections. These audit records are consumed by SIEM systems.
In an orchestrated public cloud, we often have proxy servers hiding the origin IP. We also commonly have NAT performed by the cloud load-balancer.
Here we explain how you can obtain IP transparency through these systems, allowing your existing SIEM, fail-to-ban, geo-ip restriction, etc., systems to work without change, and without losing the elastic benefits these NAT and load balancers provide.