Resource Level Policies versus IAM policies in GCP
In AWS, access to a specific resource is controlled with resource-based policies. GCP has no direct analog of resource-based policies, but its existing IAM policy bindings can be used to build something analogous.
Simply put, an IAM policy binding in GCP may carry a CONDITION.
That condition can target specific resources through what GCP calls resource attributes (resource.type and resource.name), so a role bound at the project level effectively applies only to the resources the condition names.
Sample condition expression for granting access to specific resources through a conditional IAM policy binding:
(resource.type == "compute.googleapis.com/Disk" &&
resource.name.startsWith("projects/project-123/regions/us-central1/disks/devAccess")) ||
(resource.type == "compute.googleapis.com/Instance" &&
resource.name.startsWith("projects/project-123/zones/us-central1-a/instances/devAccess")) ||
(resource.type != "compute.googleapis.com/Disk" &&
resource.type != "compute.googleapis.com/Instance")
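Added example (not from the original post): a Python script that builds the policy document in the form setIamPolicy expects, with the condition above attached to a binding, and that mirrors the condition's logic so you can check which resources it reaches before applying it. The member, role, condition title and sample resource names are assumptions; only the project and the expression come from the post.

```python
"""Build a conditional IAM binding (policy version 3) and simulate the
condition's reach against constructed resource names."""
import json

PROJECT = "project-123"                        # project used in the post's expression
MEMBER = "group:dev-team@example.com"          # assumed member
ROLE = "roles/compute.instanceAdmin.v1"        # assumed role
DISK = "compute.googleapis.com/Disk"
INSTANCE = "compute.googleapis.com/Instance"
DISK_PREFIX = f"projects/{PROJECT}/regions/us-central1/disks/devAccess"
INSTANCE_PREFIX = f"projects/{PROJECT}/zones/us-central1-a/instances/devAccess"

CONDITION_EXPR = (
    f'(resource.type == "{DISK}" && resource.name.startsWith("{DISK_PREFIX}")) || '
    f'(resource.type == "{INSTANCE}" && resource.name.startsWith("{INSTANCE_PREFIX}")) || '
    f'(resource.type != "{DISK}" && resource.type != "{INSTANCE}")'
)


def build_policy() -> dict:
    """Policy in setIamPolicy format. Version 3 is required for conditional
    bindings; on a real update also pass the etag from getIamPolicy so a
    stale version 1 write cannot overwrite the policy and drop the conditions."""
    return {
        "version": 3,
        "bindings": [{
            "role": ROLE,
            "members": [MEMBER],
            "condition": {
                "title": "dev-access-compute-only",   # assumed title
                "description": "Limit Compute access to devAccess* disks/instances",
                "expression": CONDITION_EXPR,
            },
        }],
    }


def condition_allows(resource_type: str, resource_name: str) -> bool:
    """Python rendering of the CEL expression. Note the third clause: any
    resource type other than Disk or Instance satisfies the condition."""
    return (
        (resource_type == DISK and resource_name.startswith(DISK_PREFIX))
        or (resource_type == INSTANCE and resource_name.startswith(INSTANCE_PREFIX))
        or (resource_type != DISK and resource_type != INSTANCE)
    )


if __name__ == "__main__":
    print(json.dumps(build_policy(), indent=2))
    print(condition_allows(DISK, DISK_PREFIX + "-01"))                           # True
    print(condition_allows(DISK, f"projects/{PROJECT}/regions/us-central1/disks/prod"))  # False
    print(condition_allows("compute.googleapis.com/Firewall", "any"))           # True
```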
Summary
Resource-based policies can be approximated in GCP with a CONDITIONAL IAM policy binding. Two points to check before relying on one: the condition only restricts resource types that support resource.name in conditions, and in the expression above the final clause deliberately lets every resource type other than Disk and Instance through, so the bound role still applies in full to those other resources.