I use one of two ways: 1. Read the IAM documentation for the product I'm using. A web search for "X aim" where X is the product name usually leads to the right docs. 2. If you have some time: create a new service account that has Editor access and let your Cloud Run service use that account in your dev or test environment. After some time, the Cloud Console will suggest how to reduce permissions to the minimum needed by the Cloud Run service, based on usage. Best of luck with your project!
Thank you for the suggestion. In this scenario, what are you running in AWS, what are you running in Google Cloud, and which identity do you want to use?