As with many cloud providers, Google recommends the use of service accounts for automated functions. It is best practice to ensure that these service accounts have access that aligns with the task for which they are used rather than having broad access to many or all services.
In GCP Console -
In Terraform -
References:
https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_instance#service_account
https://cloud.google.com/sdk/gcloud/reference/alpha/compute/instances/set-scopes#--scopes