To adhere to the principle of least privilege, your colleague Bob requires the ability to create new instances on Compute Engine in 'Project A'. What is the most appropriate way to grant him access without exceeding the necessary permissions?