本文為英文版的機器翻譯版本，如內容有任何歧義或不一致之處，概以英文版為準。

# 的 Identity and Access Management AWS Compute Optimizer
<a name="security-iam"></a>

您可以使用 AWS Identity and Access Management (IAM) 來建立身分 （使用者、群組或角色），並提供這些身分存取 AWS Compute Optimizer 主控台和 APIs許可。

根據預設，IAM 使用者無法存取 Compute Optimizer 主控台和 APIs。您可以將 IAM 政策連接至單一使用者、使用者群組或角色，以授予使用者存取權。如需詳細資訊，請參閱《IAM 使用者指南》中的[身分 （使用者、群組和角色）](https://docs.aws.amazon.com/IAM/latest/UserGuide/id.html) 和 IAM 政策概觀。 [https://docs.aws.amazon.com/IAM/latest/UserGuide/PoliciesOverview.html](https://docs.aws.amazon.com/IAM/latest/UserGuide/PoliciesOverview.html)

在您建立 IAM 使用者之後，您可以為這些使用者提供個別的密碼。然後，他們可以登入您的帳戶，並使用帳戶特定的登入頁面檢視 Compute Optimizer 資訊。如需詳細資訊，請參閱[使用者如何登入您的帳戶](https://docs.aws.amazon.com/IAM/latest/UserGuide/getting-started_how-users-sign-in.html)。

**重要**  
若要檢視 EC2 執行個體的建議，IAM 使用者需要 `ec2:DescribeInstances`許可。
若要檢視 EBS 磁碟區的建議，IAM 使用者需要 `ec2:DescribeVolumes`許可。
若要檢視 EC2 Auto Scaling 群組的建議，IAM 使用者需要 `autoscaling:DescribeAutoScalingGroups`和 `autoscaling:DescribeAutoScalingInstances`許可。
若要檢視 Lambda 函數的建議，IAM 使用者需要 `lambda:ListFunctions`和 `lambda:ListProvisionedConcurrencyConfigs`許可。
若要在 Fargate 上檢視 Amazon ECS 服務的建議，IAM 使用者需要 `ecs:ListServices`和 `ecs:ListClusters`許可。
若要在 Compute Optimizer 主控台中檢視目前的 CloudWatch 指標資料，IAM 使用者需要 `cloudwatch:GetMetricData`許可。
若要檢視商業軟體授權建議，需要特定 Amazon EC2 執行個體角色和 IAM 使用者許可。如需詳細資訊，請參閱 [啟用商業軟體授權建議的政策](#license-access)。
若要檢視 Amazon RDS 的建議，IAM 使用者需要 `rds:DescribeDBInstances`和 `rds:DescribeDBClusters`許可。

如果您想要授予許可的使用者或群組已有政策，您可以將此處說明的其中一個 Compute Optimizer 特定政策陳述式新增至該政策。

**Topics**
+ [的受信任存取 AWS Organizations](#trusted-service-access)
+ [Compute Optimizer 的政策範例](#CO-policy-examples)
+ [自動化的政策範例](#COA-policy-example)
+ [其他資源](#iam-resources)

## 的受信任存取 AWS Organizations
<a name="trusted-service-access"></a>

當您選擇使用組織的管理帳戶並包含組織中的所有成員帳戶時，您的組織帳戶中會自動啟用 Compute Optimizer 的受信任存取。這可讓 Compute Optimizer 分析這些成員帳戶中的運算資源，並為其產生建議。

每次您存取成員帳戶的建議時，Compute Optimizer 都會驗證您的組織帳戶中是否已啟用受信任存取。如果您在選擇加入後停用 Compute Optimizer 受信任存取，Compute Optimizer 會拒絕存取組織成員帳戶的建議。此外，組織內的成員帳戶不會選擇加入 Compute Optimizer。若要重新啟用受信任存取，請使用組織的管理帳戶再次選擇加入 Compute Optimizer，並在組織內包含所有成員帳戶。如需詳細資訊，請參閱[選擇加入 AWS Compute Optimizer](account-opt-in.md)。如需 AWS Organizations 受信任存取的詳細資訊，請參閱*AWS Organizations 《 使用者指南*》中的[將 AWS Organizations 與其他 AWS 服務](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_integrate_services.html)搭配使用。

## Compute Optimizer 的政策範例
<a name="CO-policy-examples"></a>

**Topics**
+ [選擇加入 Compute Optimizer 的政策](#opting-in-access)
+ [授予獨立運算最佳化工具存取權的政策 AWS 帳戶](#standalone-account-access)
+ [授予組織管理帳戶 Compute Optimizer 存取權的政策](#organization-account-access)
+ [授予管理 Compute Optimizer 建議偏好設定存取權的政策](#enhanced-infrastructure-metrics-permissions)
+ [啟用商業軟體授權建議的政策](#license-access)
+ [拒絕存取 Compute Optimizer 的政策](#deny-access)

### 選擇加入 Compute Optimizer 的政策
<a name="opting-in-access"></a>

此政策陳述式會授予下列項目：
+ 選擇加入 Compute Optimizer 的存取權。
+ 為 Compute Optimizer 建立服務連結角色的存取權。如需詳細資訊，請參閱[使用 的服務連結角色 AWS Compute Optimizer](using-service-linked-roles.md)。
+ 將註冊狀態更新為 Compute Optimizer 服務的存取權。

**重要**  
選擇加入需要此 IAM 角色 AWS Compute Optimizer。

------
#### [ JSON ]

****  

```
{
    "Version":"2012-10-17",		 	 	 
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "iam:CreateServiceLinkedRole",
            "Resource": "arn:aws:iam::*:role/aws-service-role/compute-optimizer.amazonaws.com/AWSServiceRoleForComputeOptimizer*",
            "Condition": {"StringLike": {"iam:AWSServiceName": "compute-optimizer.amazonaws.com"}}
        },
        {
            "Effect": "Allow",
            "Action": "iam:PutRolePolicy",
            "Resource": "arn:aws:iam::*:role/aws-service-role/compute-optimizer.amazonaws.com/AWSServiceRoleForComputeOptimizer"
        },
        {
            "Effect": "Allow",
            "Action": "compute-optimizer:UpdateEnrollmentStatus",
            "Resource": "*"
        }
    ]
}
```

------

------
#### [ JSON ]

****  

```
{
    "Version":"2012-10-17",		 	 	 
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "iam:CreateServiceLinkedRole",
            "Resource": "arn:aws-cn:iam::*:role/aws-service-role/compute-optimizer.amazonaws.com/AWSServiceRoleForComputeOptimizer*",
            "Condition": {"StringLike": {"iam:AWSServiceName": "compute-optimizer.amazonaws.com"}}
        },
        {
            "Effect": "Allow",
            "Action": "iam:PutRolePolicy",
            "Resource": "arn:aws-cn:iam::*:role/aws-service-role/compute-optimizer.amazonaws.com/AWSServiceRoleForComputeOptimizer"
        },
        {
            "Effect": "Allow",
            "Action": "compute-optimizer:UpdateEnrollmentStatus",
            "Resource": "*"
        },
        {
            "Effect": "Allow",
            "Action": "organizations:DescribeOrganization",
            "Resource": "*"
        }
    ]
}
```

------

### 授予獨立運算最佳化工具存取權的政策 AWS 帳戶
<a name="standalone-account-access"></a>

下列政策陳述式授予獨立 的 Compute Optimizer 完整存取權 AWS 帳戶。

------
#### [ JSON ]

****  

```
{
    "Version":"2012-10-17",		 	 	 
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "compute-optimizer:*",
                "ec2:DescribeInstances",
                "ec2:DescribeVolumes",
                "ecs:ListServices",
                "ecs:ListClusters",
                "autoscaling:DescribeAutoScalingGroups",
                "autoscaling:DescribeAutoScalingInstances",
                "lambda:ListFunctions",
                "lambda:ListProvisionedConcurrencyConfigs",
                "cloudwatch:GetMetricData"
            ],
            "Resource": "*"
        }
    ]
}
```

------

下列政策陳述式授予獨立 的 Compute Optimizer 唯讀存取權 AWS 帳戶。

------
#### [ JSON ]

****  

```
{
    "Version":"2012-10-17",		 	 	 
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "compute-optimizer:GetEnrollmentStatus",
                "compute-optimizer:GetEffectiveRecommendationPreferences",
                "compute-optimizer:GetRecommendationPreferences",
                "compute-optimizer:GetRecommendationSummaries",
                "compute-optimizer:GetEC2InstanceRecommendations",
                "compute-optimizer:GetEC2RecommendationProjectedMetrics",
                "compute-optimizer:GetAutoScalingGroupRecommendations",
                "compute-optimizer:GetEBSVolumeRecommendations",
                "compute-optimizer:GetLambdaFunctionRecommendations",
                "compute-optimizer:DescribeRecommendationExportJobs",
                "compute-optimizer:GetEffectiveRecommendationPreferences",
                "compute-optimizer:GetRecommendationPreferences",
                "compute-optimizer:GetECSServiceRecommendations",
                "compute-optimizer:GetECSServiceRecommendationProjectedMetrics",
                "compute-optimizer:GetRDSDatabaseRecommendations",
                "compute-optimizer:GetRDSDatabaseRecommendationProjectedMetrics",
                "compute-optimizer:GetIdleRecommendations",
                "ec2:DescribeInstances",
                "ec2:DescribeVolumes",
                "ecs:ListServices",
                "ecs:ListClusters",
                "autoscaling:DescribeAutoScalingGroups",
                "autoscaling:DescribeAutoScalingInstances",
                "lambda:ListFunctions",
                "lambda:ListProvisionedConcurrencyConfigs",
                "cloudwatch:GetMetricData",
                "rds:DescribeDBInstances",
                "rds:DescribeDBClusters"
            ],
            "Resource": "*"
        }
    ]
}
```

------

### 授予組織管理帳戶 Compute Optimizer 存取權的政策
<a name="organization-account-access"></a>

下列政策陳述式會授予組織管理帳戶對 Compute Optimizer 的完整存取權。

------
#### [ JSON ]

****  

```
{
    "Version":"2012-10-17",		 	 	 
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "compute-optimizer:*",
                "ec2:DescribeInstances",
                "ec2:DescribeVolumes",
                "ecs:ListServices",
                "ecs:ListClusters",
                "autoscaling:DescribeAutoScalingGroups",
                "autoscaling:DescribeAutoScalingInstances",
                "lambda:ListFunctions",
                "lambda:ListProvisionedConcurrencyConfigs",
                "cloudwatch:GetMetricData",
                "organizations:ListAccounts",
                "organizations:DescribeOrganization",
                "organizations:DescribeAccount",
                "organizations:EnableAWSServiceAccess",
                "organizations:ListDelegatedAdministrators",
                "organizations:RegisterDelegatedAdministrator",
                "organizations:DeregisterDelegatedAdministrator"
            ],
            "Resource": "*"
        }
    ]
}
```

------

下列政策陳述式授予組織的管理帳戶的 Compute Optimizer 唯讀存取權。

------
#### [ JSON ]

****  

```
{
    "Version":"2012-10-17",		 	 	 
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "compute-optimizer:GetEnrollmentStatus",
                "compute-optimizer:GetEnrollmentStatusesForOrganization",
                "compute-optimizer:GetRecommendationSummaries",
                "compute-optimizer:GetEC2InstanceRecommendations",
                "compute-optimizer:GetEC2RecommendationProjectedMetrics",
                "compute-optimizer:GetAutoScalingGroupRecommendations",
                "compute-optimizer:GetEBSVolumeRecommendations",
                "compute-optimizer:GetLambdaFunctionRecommendations",
                "compute-optimizer:GetEffectiveRecommendationPreferences",
                "compute-optimizer:GetRecommendationPreferences",
                "compute-optimizer:GetECSServiceRecommendations",
                "compute-optimizer:GetECSServiceRecommendationProjectedMetrics",
                "compute-optimizer:GetRDSDatabaseRecommendations",
                "compute-optimizer:GetRDSDatabaseRecommendationProjectedMetrics",
                "compute-optimizer:GetIdleRecommendations",
                "ec2:DescribeInstances",
                "ec2:DescribeVolumes",
                "ecs:ListServices",
                "ecs:ListClusters",
                "autoscaling:DescribeAutoScalingGroups",
                "autoscaling:DescribeAutoScalingInstances",
                "lambda:ListFunctions",
                "lambda:ListProvisionedConcurrencyConfigs",
                "cloudwatch:GetMetricData",
                "organizations:ListAccounts",
                "organizations:DescribeOrganization",
                "organizations:DescribeAccount",
                "organizations:ListDelegatedAdministrators",
                "rds:DescribeDBInstances",
                "rds:DescribeDBClusters"
            ],
            "Resource": "*"
        }
    ]
}
```

------

### 授予管理 Compute Optimizer 建議偏好設定存取權的政策
<a name="enhanced-infrastructure-metrics-permissions"></a>

下列政策陳述式授予檢視和編輯建議偏好設定的存取權。

**授予僅管理 EC2 執行個體建議偏好設定的存取權**

------
#### [ JSON ]

****  

```
{
	"Version":"2012-10-17",		 	 	 
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "compute-optimizer:DeleteRecommendationPreferences",
                "compute-optimizer:GetEffectiveRecommendationPreferences",
                "compute-optimizer:GetRecommendationPreferences",
                "compute-optimizer:PutRecommendationPreferences"
            ],
            "Resource": "*",
            "Condition" :  {
                "StringEquals" : {
                    "compute-optimizer:ResourceType" : "Ec2Instance"
                }
            }            
        }
    ]
}
```

------

**授予僅管理 EC2 Auto Scaling 群組建議偏好設定的存取權**

------
#### [ JSON ]

****  

```
{
	"Version":"2012-10-17",		 	 	 
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "compute-optimizer:DeleteRecommendationPreferences",
                "compute-optimizer:GetEffectiveRecommendationPreferences",
                "compute-optimizer:GetRecommendationPreferences",
                "compute-optimizer:PutRecommendationPreferences"
            ],
            "Resource": "*",
            "Condition" :  {
                "StringEquals" : {
                    "compute-optimizer:ResourceType" : "AutoScalingGroup"
                }
            }            
        }
    ]
}
```

------

**授予僅管理 RDS 執行個體建議偏好設定的存取權**

------
#### [ JSON ]

****  

```
{
	"Version":"2012-10-17",		 	 	 
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "compute-optimizer:DeleteRecommendationPreferences",
                "compute-optimizer:GetEffectiveRecommendationPreferences",
                "compute-optimizer:GetRecommendationPreferences",
                "compute-optimizer:PutRecommendationPreferences"
            ],
            "Resource": "*",
            "Condition" :  {
                "StringEquals" : {
                    "compute-optimizer:ResourceType" : "RdsDBInstance"
                }
            }            
        }
    ]
}
```

------

### 啟用商業軟體授權建議的政策
<a name="license-access"></a>

若要讓 Compute Optimizer 產生授權建議，請連接下列 Amazon EC2 執行個體角色和政策。
+ 啟用 Systems Manager `AmazonSSMManagedInstanceCore`的角色。如需詳細資訊，請參閱*AWS Systems Manager 《 使用者指南*》中的以[AWS Systems Manager 身分為基礎的政策範例](https://docs.aws.amazon.com//systems-manager/latest/userguide/security_iam_id-based-policy-examples)。
+ 啟用將執行個體指標和日誌發佈至 CloudWatch `CloudWatchAgentServerPolicy`的政策。如需詳細資訊，請參閱《Amazon [ CloudWatch 使用者指南》中的建立 IAM 角色和使用者以搭配 CloudWatch 代理程式使用](https://docs.aws.amazon.com//AmazonCloudWatch/latest/monitoring/create-iam-roles-for-cloudwatch-agent)。 *Amazon CloudWatch *
+ 下列 IAM 內嵌政策陳述式，用於讀取存放於 中的秘密 Microsoft SQL Server 連線字串 AWS Systems Manager。如需內嵌政策的詳細資訊，請參閱*AWS Identity and Access Management 《 使用者指南*》中的 [ 受管政策和內嵌政策](https://docs.aws.amazon.com//IAM/latest/UserGuide/access_policies_managed-vs-inline)。

------
#### [ JSON ]

****  

```
{
    "Version":"2012-10-17",		 	 	 
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "secretsmanager:GetSecretValue*"
            ],
            "Resource": "arn:aws:secretsmanager:*:*:secret:ApplicationInsights-*"
        }
    ]
}
```

------

此外，若要啟用和接收授權建議，請將下列 IAM 政策連接至您的使用者、群組或角色。如需詳細資訊，請參閱《*Amazon CloudWatch 使用者指南》中的 *[IAM 政策](https://docs.aws.amazon.com//AmazonCloudWatch/latest/monitoring/appinsights-iam)。

------
#### [ JSON ]

****  

```
{
    "Version":"2012-10-17",		 	 	 
    "Statement": [
        {
            "Action": [
                "applicationinsights:*",
                "iam:CreateServiceLinkedRole",
                "iam:ListRoles",
                "resource-groups:ListGroups"
            ],
            "Effect": "Allow",
            "Resource": "*"
        }
    ]
}
```

------

### 拒絕存取 Compute Optimizer 的政策
<a name="deny-access"></a>

下列政策陳述式拒絕存取 Compute Optimizer。

------
#### [ JSON ]

****  

```
{
    "Version":"2012-10-17",		 	 	 
    "Statement": [
        {
            "Effect": "Deny",
            "Action": "compute-optimizer:*",
            "Resource": "*"
        }
    ]
}
```

------

## 自動化的政策範例
<a name="COA-policy-example"></a>

**Topics**
+ [為您的帳戶啟用自動化的政策](#policy-automation-enable)
+ [在整個組織中啟用自動化的政策](#automation-enable-org)
+ [授予獨立 AWS 帳戶 Compute Optimizer Automation 完整存取權的政策](#automation-account-full)
+ [授予獨立 AWS 帳戶 Compute Optimizer Automation 唯讀存取權的政策](#automation-account-read)
+ [授予組織管理帳戶 Compute Optimizer Automation 完整存取權的政策](#automation-account-mgmt)
+ [為組織的管理帳戶授予 Compute Optimizer Automation 唯讀存取權的政策](#automation-account-mgmt-readonly)

### 為您的帳戶啟用自動化的政策
<a name="policy-automation-enable"></a>

下列政策陳述式會為您的 帳戶啟用自動化。

```
{
    "Version": "2012-10-17",                   
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "iam:CreateServiceLinkedRole",
            "Resource": "arn:aws:iam::*:role/aws-service-role/aco-automation.amazonaws.com/AWSServiceRoleForComputeOptimizerAutomation",
            "Condition": {"StringLike": {"iam:AWSServiceName": "aco-automation.amazonaws.com"}}
        },
        {
            "Effect": "Allow",
            "Action": [
                "iam:PutRolePolicy", 
                "iam:AttachRolePolicy"
            ],
            "Resource": "arn:aws:iam::*:role/aws-service-role/aco-automation.amazonaws.com/AWSServiceRoleForComputeOptimizerAutomation"
        },
        {
            "Effect": "Allow",
            "Action": "aco-automation:UpdateEnrollmentConfiguration",
            "Resource": "*"
        }
    ]
}
```

### 在整個組織中啟用自動化的政策
<a name="automation-enable-org"></a>

下列政策陳述式會啟用整個組織的自動化。

```
                {
    "Version": "2012-10-17",                   
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "iam:CreateServiceLinkedRole",
            "Resource": "arn:aws:iam::*:role/aws-service-role/aco-automation.amazonaws.com/AWSServiceRoleForComputeOptimizerAutomation",
            "Condition": {"StringLike": {"iam:AWSServiceName": "aco-automation.amazonaws.com"}}
        },
        {
            "Effect": "Allow",
            "Action": [
                "iam:PutRolePolicy", 
                "iam:AttachRolePolicy"
            ],
            "Resource": "arn:aws:iam::*:role/aws-service-role/aco-automation.amazonaws.com/AWSServiceRoleForComputeOptimizerAutomation"
        },
        {
            "Effect": "Allow",
            "Action": "aco-automation:UpdateEnrollmentConfiguration",
            "Resource": "*"
        },
        {
            "Effect": "Allow",
            "Action": "aco-automation:AssociateAccounts",
            "Resource": "*"
        },
        {
            "Effect": "Allow",
            "Action": "aco-automation:DisassociateAccounts",
            "Resource": "*"
        },
        {
            "Effect": "Allow",
            "Action": "aco-automation:ListAccounts",
            "Resource": "*"
        }
    ]
}
```

### 授予獨立 AWS 帳戶 Compute Optimizer Automation 完整存取權的政策
<a name="automation-account-full"></a>

下列政策授予獨立 AWS 帳戶對 Compute Optimizer Automation 的完整存取權。

```
                {
    "Version": "2012-10-17",                   
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
               "aco-automation:*",
            "ec2:DescribeVolumes"
            ],
            "Resource": "*"
        }
    ]
}
```

### 授予獨立 AWS 帳戶 Compute Optimizer Automation 唯讀存取權的政策
<a name="automation-account-read"></a>

下列政策授予獨立 AWS 帳戶對 Compute Optimizer Automation 的唯讀存取權。

```
                {
    "Version": "2012-10-17",                   
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
               "aco-automation:GetEnrollmentConfiguration",
               "aco-automation:GetAutomationEvent",
               "aco-automation:GetAutomationRule",
               "aco-automation:ListAutomationEvents",
               "aco-automation:ListAutomationEventSteps",
               "aco-automation:ListAutomationEventSummaries",
               "aco-automation:ListAutomationRules",
               "aco-automation:ListAutomationRulePreview",
               "aco-automation:ListAutomationRulePreviewSummaries",
               "aco-automation:ListRecommendedActions",
               "aco-automation:ListRecommendedActionSummaries",
               "aco-automation:ListTagsForResource",
               "ec2:DescribeVolumes"
            ],
            "Resource": "*"
        }
    ]
}
```

### 授予組織管理帳戶 Compute Optimizer Automation 完整存取權的政策
<a name="automation-account-mgmt"></a>

下列政策授予組織管理帳戶對 Compute Optimizer Automation 的完整存取權。

```
                {
    "Version": "2012-10-17",                   
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
               "aco-automation:*",
               "ec2:DescribeVolumes",
               "organizations:ListAccounts",
               "organizations:DescribeOrganization",
               "organizations:DescribeAccount",
               "organizations:EnableAWSServiceAccess",
               "organizations:ListDelegatedAdministrators",
               "organizations:RegisterDelegatedAdministrator",
               "organizations:DeregisterDelegatedAdministrator"
            ],
            "Resource": "*"
        }
    ]
}
```

### 為組織的管理帳戶授予 Compute Optimizer Automation 唯讀存取權的政策
<a name="automation-account-mgmt-readonly"></a>

下列政策授予組織管理帳戶的 Compute Optimizer Automation 唯讀存取權。

```
                {
    "Version": "2012-10-17",                   
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
               "aco-automation:GetEnrollmentConfiguration",
               "aco-automation:GetAutomationEvent",
               "aco-automation:GetAutomationRule",
               "aco-automation:ListAccounts",
               "aco-automation:ListAutomationEvents",
               "aco-automation:ListAutomationEventSteps",
               "aco-automation:ListAutomationEventSummaries",
               "aco-automation:ListAutomationRules",
               "aco-automation:ListAutomationRulePreview",
               "aco-automation:ListAutomationRulePreviewSummaries",
               "aco-automation:ListRecommendedActions",
               "aco-automation:ListRecommendedActionSummaries",
               "aco-automation:ListTagsForResource",
               "ec2:DescribeVolumes"
            ],
            "Resource": "*"
        }
    ]
}
```

## 其他資源
<a name="iam-resources"></a>
+ 故障診斷 — [在 Compute Optimizer 中進行故障診斷](troubleshooting-account-opt-in.md)
+ [選擇加入 AWS Compute Optimizer](account-opt-in.md)
+ [AWS 的 受管政策 AWS Compute Optimizer](managed-policies.md)
+ [使用 的服務連結角色 AWS Compute Optimizer](using-service-linked-roles.md)
+ [使用服務連結角色進行自動化](using-service-linked-roles-automation.md)