You are designing a network architecture for your organization with three developer teams (Web, App, and Database) that require access to Compute Engine instances. As part of a small network and security team, you need to provide network access while maintaining centralized control over subnets, routes, and firewalls, with minimal operational overhead. How would you design this topology?