You say "No security groups equivalent", but you fail to specify what exactly is missing.
AWS security groups seem to me to be a giant mess, and GCP firewalling with instance tags and such is a much clearer and easier-to-use system that can still do everything that AWS security groups can, as far as I can tell.
You can specify what can communicate with what VERY strictly based on CIDR masks and network tags.