How do I allow access to GCE to only the dev that

Posted 2019-08-28 17:10

Question:

Right now everyone can access absolutely any server in GCE so long as they have GCE access. The gcloud compute ssh command can ssh into any server.

How do I make sure that only the person that created the server has access?

Answer 1:

It is possible to implement access control to instances based on GCE IAM roles via OS Login:

After you enable OS Login on one or more instances in your project, those instances accept connections only from user accounts that have the necessary IAM roles in your project or organization:

As an example, you might grant instance access to your users with the following process:

  1. Grant the necessary instance access roles to the user. Users must have the following roles:

    • The iam.serviceAccountUser role.
    • One of the following login roles:
      • The compute.osLogin role, which does not grant administrator permissions
      • The compute.osAdminLogin role, which grants administrator permissions

But note that not all GCE image families have OS Login support:

The following image families do not yet support OS Login:

  • All project coreos-cloud (CoreOS) image families
  • Project suse-cloud (SLES) image family sles-11
  • All Windows Server and SQL Server image families
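As an added example (not part of the original answer, and not Google's own tooling), the following script carries the procedure above through for a single VM: it switches the instance to OS Login via the enable-oslogin metadata key, then binds roles/compute.osLogin for one user on the instance resource rather than on the whole project, so that only that user can log in to that VM, and binds roles/iam.serviceAccountUser on the VM's service account if it has one. The project, zone, instance name, user e-mail and the DRY_RUN preview switch are assumed names for illustration; the gcloud subcommands and flags are real.

```shell
#!/bin/sh
# Added example: restrict SSH on one GCE instance to a single user via OS Login.
# Assumed values (override through the environment): project "my-project",
# zone "us-central1-a", instance "dev-box", user "alice@example.com".
set -eu

PROJECT="${PROJECT:-my-project}"
ZONE="${ZONE:-us-central1-a}"
INSTANCE="${INSTANCE:-dev-box}"
USER_EMAIL="${USER_EMAIL:-alice@example.com}"
DRY_RUN="${DRY_RUN:-0}"   # DRY_RUN=1 prints each gcloud command instead of running it

# run: execute the given command, or print it verbatim when DRY_RUN=1.
run() {
  if [ "$DRY_RUN" = "1" ]; then
    printf '%s\n' "$*"
  else
    "$@"
  fi
}

# Step 1: enable OS Login on this instance only (instance metadata, not
# project metadata), so metadata-based SSH keys are ignored on this VM.
enable_oslogin() {
  run gcloud compute instances add-metadata "$INSTANCE" \
    --project "$PROJECT" --zone "$ZONE" \
    --metadata enable-oslogin=TRUE
}

# Step 2: grant roles/compute.osLogin on the instance resource. A project-level
# grant would let the user into every VM; an instance-level grant does not.
# Use roles/compute.osAdminLogin instead if the user needs sudo.
grant_login() {
  run gcloud compute instances add-iam-policy-binding "$INSTANCE" \
    --project "$PROJECT" --zone "$ZONE" \
    --member "user:$USER_EMAIL" \
    --role roles/compute.osLogin
}

# Step 3: if the VM runs as a service account, OS Login also requires
# roles/iam.serviceAccountUser on that service account.
grant_sa_user() {
  run gcloud iam service-accounts add-iam-policy-binding "$1" \
    --project "$PROJECT" \
    --member "user:$USER_EMAIL" \
    --role roles/iam.serviceAccountUser
}

# lockdown: run the three steps; the service-account lookup needs a live
# project, so it is skipped in DRY_RUN mode.
lockdown() {
  enable_oslogin
  grant_login
  if [ "$DRY_RUN" != "1" ]; then
    sa=$(gcloud compute instances describe "$INSTANCE" \
      --project "$PROJECT" --zone "$ZONE" \
      --format='value(serviceAccounts[0].email)')
    if [ -n "$sa" ]; then
      grant_sa_user "$sa"
    fi
  fi
}

# Only act when invoked as "lockdown.sh apply"; otherwise just define the
# functions so the script can be sourced or previewed with DRY_RUN=1.
if [ "${1:-}" = "apply" ]; then
  lockdown
fi
```

Preview with `DRY_RUN=1 sh lockdown.sh apply`, then run it for real with `sh lockdown.sh apply`. The instance-level grant only means something once the broad roles are taken away: anyone who still holds project Editor or roles/compute.instanceAdmin.v1 can edit the instance metadata, flip enable-oslogin back to FALSE and add their own SSH key, so the per-user binding has to be paired with removing those roles from everyone else.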