This is part of the reason deployments to production cloud environments should:

1. Only be allowed via CI/CD

2. All infra should be defined as code

3. Any deployment to production should be a delayed process that also has a human-approval step in the workflow (at least one, if not more)

(Exactly where that review step is placed depends on your organisation - culture, size, etc.)

And anyone that does need to touch production should do so from an isolated VM with temporary credentials. Developers shouldn't routinely have production access from their terminal. This last aspect is easy and cheap to set up on AWS. I presume it's also possible in Google Cloud.