No matter how you like to participate in developer communities, Pulumi wants to meet you there. If you want to meet other Pulumi users to share use-cases and best practices, contribute code or documentation, see us at an event, or just tell a story about something cool you did with Pulumi, you are part of our community.

Pulumi Community

You need to do this using Project IAM policies and conditions.

There's a Terraform example in the docs: <https://cloud.google.com/sql/docs/postgres/iam-conditions#terraform|https://cloud.google.com/sql/docs/postgres/iam-conditions#terraform>

The example can be used as reference for how to use the pulumi IAMMember resource: <https://www.pulumi.com/registry/packages/gcp/api-docs/projects/iammember/|https://www.pulumi.com/registry/packages/gcp/api-docs/projects/iammember/>

If you do end up creating a Pulumi sample for this, could you post it here? My team might be interested in it in a couple of weeks.

I haven't tested it yet, but it should look roughly like this:
```new gcp.projects.IAMBinding("...", {
    members: [...],
    role: "roles/cloudsql.client",
    condition: {
        expression: pulumi.interpolate`resource.name == 'projects/${gcp.config.project}/instances/${instance.name}' && resource.type == 'sqladmin.googleapis.com/Instance'`,
        title: "...",
        description: "...",
    }
});```