To adhere to the principle of least privilege, your colleague Bob requires the ability to create new instances on Compute Engine within 'Project A'. What is the most appropriate way to grant him access without exceeding the necessary permissions?