本文為英文版的機器翻譯版本，如內容有任何歧義或不一致之處，概以英文版為準。

# Cost Optimization Hub 和 AWS Organizations 受信任存取
<a name="coh-trusted-access"></a>

當您選擇使用組織的管理帳戶並包含組織中的所有成員帳戶時，您的組織帳戶中會自動啟用 Cost Optimization Hub 的受信任存取。每次您存取成員帳戶的建議時，Cost Optimization Hub 都會驗證您的組織帳戶中是否已啟用受信任存取。如果您在選擇加入後停用 Cost Optimization Hub 受信任存取，Cost Optimization Hub 會拒絕存取組織成員帳戶的建議。此外，組織內的成員帳戶不會選擇加入 Cost Optimization Hub。若要重新啟用受信任存取，請使用組織的管理帳戶再次選擇加入 Cost Optimization Hub，並包含組織內的所有成員帳戶。如需詳細資訊，請參閱[選擇加入您的帳戶](https://docs.aws.amazon.com/cost-management/latest/userguide/coh-getting-started.html#coh-access)。如需 Organizations 受信任存取的詳細資訊 AWS ，請參閱《 [AWS Organizations 使用者指南》中的將 Organizations 與其他 AWS 服務](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_integrate_services.html)搭配使用。 *AWS *

## 管理帳戶政策
<a name="coh-management-account-policy"></a>

此政策提供管理帳戶選擇加入 Cost Optimization Hub 並擁有服務完整存取權所需的所有許可。

------
#### [ JSON ]

****  

```
{
    "Version":"2012-10-17",		 	 	 
    "Statement": [
        {
            "Sid": "CostOptimizationHubAdminAccess",
            "Effect": "Allow",
            "Action": [
                "cost-optimization-hub:ListEnrollmentStatuses",
                "cost-optimization-hub:UpdateEnrollmentStatus",
                "cost-optimization-hub:GetPreferences",
                "cost-optimization-hub:UpdatePreferences",
                "cost-optimization-hub:GetRecommendation",
                "cost-optimization-hub:ListRecommendations",
                "cost-optimization-hub:ListRecommendationSummaries",
                "organizations:EnableAWSServiceAccess"
            ],
            "Resource": "*"
        },
        {
            "Sid": "AllowCreationOfServiceLinkedRoleForCostOptimizationHub",
            "Effect": "Allow",
            "Action": [
                "iam:CreateServiceLinkedRole"
            ],
            "Resource": [
                "arn:aws:iam::*:role/aws-service-role/cost-optimization-hub.bcm.amazonaws.com/AWSServiceRoleForCostOptimizationHub"
            ],
            "Condition": {
                "StringLike": {
                    "iam:AWSServiceName": "cost-optimization-hub.bcm.amazonaws.com"
                }
            }
        },
        {
            "Sid": "AllowAWSServiceAccessForCostOptimizationHub",
            "Effect": "Allow",
            "Action": [
                "organizations:EnableAWSServiceAccess"
            ],
            "Resource": "*",
            "Condition": {
                "StringLike": {
                    "organizations:ServicePrincipal": [
                        "cost-optimization-hub.bcm.amazonaws.com"
                    ]
                }
            }
        }
    ]
}
```

------

## 成員帳戶政策
<a name="coh-member-account-policy"></a>

此政策提供成員帳戶擁有 Cost Optimization Hub 完整存取權所需的許可。

------
#### [ JSON ]

****  

```
{
    "Version":"2012-10-17",		 	 	 
    "Statement": [
        {
            "Sid": "CostOptimizationHubAdminAccess",
            "Effect": "Allow",
            "Action": [
                "cost-optimization-hub:ListEnrollmentStatuses",
                "cost-optimization-hub:UpdateEnrollmentStatus",
                "cost-optimization-hub:GetPreferences",
                "cost-optimization-hub:UpdatePreferences",
                "cost-optimization-hub:GetRecommendation",
                "cost-optimization-hub:ListRecommendations",
                "cost-optimization-hub:ListRecommendationSummaries"
            ],
            "Resource": "*"
        }
    ]
}
```

------