You have deployed multiple Compute Engine instances in Google Cloud and need to make their monitoring metrics and logs accessible in Cloud Logging and Cloud Monitoring for your operations and security teams. How can you grant the necessary IAM roles to the Compute Engine service account while adhering to the principle of least privilege?