They could likely work around that, multiple locations in-country and an off site encrypted backup out of country.
More likely is it was "aid" from the US which usually comes with stipulations about what/where they can spend it - common with weapons/military kit, wouldn't be surprised if they did something similar with cloud services.
Hundreds of missiles get colaunched making up multi-thousand missile waves. A 200 drone wave is "small".
And any offsite that is "Israel's gov offsite" is an easy target even if in Cyprus or NYC.
Comingling with a bunch of bulk commercial hosts is very safe from a threat modeling perspective (in this case).