Access Scope is almost same as AWS IAM Role. You can define an IAM role while creating an instance on AWS and you can’t change the IAM role name but you can modify later whether instance is running or stopped.
Unfortunately GCP does not allow to update access scopes on an already running instance.
Default Acces Score: read-only access to Storage and Service Management, write access to Stackdriver Logging and Monitoring, read/write access to Service Control
So, when you want to write Google Cloud Storage bucket you have to create a new service account and assign to the instance or you have to modify the access scope.
As of Now, you can’t modify access scopeof the running instance. You have to stop the instance ,click edit and change access scope value as “Set access for each API”
and edit desired GCP component and access level
then you can start the instance
AWS Certified Cloud Expert