I would like to disagree with that; GCP seems to do a much better job at permission granularity, but does a "punch me in the face" level worse job at IAM role binding to principals.
With AWS, if I have "role-A", used by "user1", and I now wish to bind it to "user2", do you know how many times I have to make reference to "user1"? ZERO.
With GCP, binding is authoritative, so if I don't copy-paste the "members" from the previous incantation of that roleBinding over, buh-bye to "user1". Stark-raving insanity.
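Added example, not part of the comment above and not Google's code: a small offline model of an IAM policy document (`bindings` entries with a `role` and a `members` list) showing an authoritative write for one role next to a read-modify-write that keeps existing members, plus a diff that flags principals a proposed policy would silently drop. The function names, role names and principals are constructed for illustration, and conditional bindings are assumed absent.

```python
import copy

def replace_binding(policy, role, members):
    """Authoritative write: the members of `role` become exactly `members`."""
    new = copy.deepcopy(policy)
    new["bindings"] = [b for b in new["bindings"] if b["role"] != role]
    new["bindings"].append({"role": role, "members": sorted(set(members))})
    return new

def add_member(policy, role, member):
    """Read-modify-write: carry over the existing members of `role`, add one."""
    current = next(
        (b["members"] for b in policy["bindings"] if b["role"] == role), [])
    return replace_binding(policy, role, list(current) + [member])

def dropped_members(old, new):
    """Sorted (role, member) pairs granted in `old` but missing from `new`."""
    def pairs(p):
        return {(b["role"], m) for b in p["bindings"] for m in b["members"]}
    return sorted(pairs(old) - pairs(new))

# Constructed sample policy (hypothetical principals and etag).
CURRENT = {"etag": "constructed-etag", "bindings": [
    {"role": "roles/storage.objectViewer",
     "members": ["user:user1@example.com"]},
    {"role": "roles/logging.viewer",
     "members": ["group:ops@example.com"]},
]}
ROLE = "roles/storage.objectViewer"
NEW_MEMBER = "user:user2@example.com"

def demo():
    """Return (naive policy, merged policy) for the user1/user2 scenario."""
    naive = replace_binding(CURRENT, ROLE, [NEW_MEMBER])   # forgets user1
    merged = add_member(CURRENT, ROLE, NEW_MEMBER)         # keeps user1
    return naive, merged

if __name__ == "__main__":
    naive, merged = demo()
    print("authoritative write drops:", dropped_members(CURRENT, naive))
    print("read-modify-write drops:  ", dropped_members(CURRENT, merged))
```

Running `dropped_members` against the live policy before applying a change works as a pre-apply gate: a non-empty result means some principal is about to lose access.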