If the incoming connectivity is to a static IP on the firewall, can't you just SRC NAT it and then create an internal DNS entry to point it back to the NAT address on the firewall?
This is the kind of situation where a LB like an F5 or a Citrix is ideal.
If you need the traffic to hit the firewall from a single IP you'll need to condense it before it arrives.
You'll need to deploy a LB in Azure, etc., and point the AWS resources to it.
It will use SNAT to forward the traffic to the firewall behind its external address.
As previously mentioned, a DNS entry can be attached.
CCSME, CCTE, CCME, CCVS