Create a host project and a Sharad VPC for the security team. Make prod-servers a service project, and relocate the web servers to shared subnets in both regions. Enable IP forwarding on all the web servers. Create the IDS system in a non-shared subnet of us-east1 or us-west1. Configure the web servers to forward the packets to the IDS system.

Create a new project and a VPC for the security team. Peer the new VPC with the web servers’ VPC in the prod-servers project. Enable IP forwarding on all the web servers. Install the IDS system in both us-east1 and us-west1. Configure the web servers to forward the packets to the IDS system.

Create a host project and a Shared VPC for the security team. Make prod-servers a service project, and relocate the web servers to shared subnets in both regions. Create an internal load balancer and the IDS system in a subnet in either us-east1 or us-west1. Enable Packet Mirroring, and create a packet mirroring policy inside the host project.