本文属于机器翻译版本。若本译文内容与英语原文存在差异，则一律以英文原文为准。

# 成本优化中心和 Organiz Amazon ations 可信访问
<a name="coh-trusted-access"></a>

当您选择加入组织的管理账户并包括组织内的所有成员账户时，您的组织账户中将自动启用成本优化中心的可信访问权限。每次访问成员账户的建议时，成本优化中心都会验证您的组织账户中是否已启用可信访问权限。如果您在选择加入后禁用成本优化中心可信访问，则成本优化中心会拒绝访问组织成员账户的建议。此外，组织内的成员账户不会选择加入成本优化中心。要重新启用可信访问，请使用组织的管理账户再次选择加入成本优化中心，并将组织内的所有成员账户包括在内。有关更多信息，请参阅 [Opting in your account](https://docs.amazonaws.cn/cost-management/latest/userguide/coh-getting-started.html#coh-access)。有关 Organiz Amazon ations 可信访问的更多信息，请参阅《[Amazon 组织*用户指南》中的将Amazon 组织*与其他 Amazon 服务结合使用](https://docs.amazonaws.cn/organizations/latest/userguide/orgs_integrate_services.html)。

## 管理账户策略
<a name="coh-management-account-policy"></a>

此策略提供了管理账户选择加入成本优化中心并完全访问该服务所需的所有权限。

------
#### [ JSON ]

****  

```
{
    "Version":"2012-10-17",		 	 	 
    "Statement": [
        {
            "Sid": "CostOptimizationHubAdminAccess",
            "Effect": "Allow",
            "Action": [
                "cost-optimization-hub:ListEnrollmentStatuses",
                "cost-optimization-hub:UpdateEnrollmentStatus",
                "cost-optimization-hub:GetPreferences",
                "cost-optimization-hub:UpdatePreferences",
                "cost-optimization-hub:GetRecommendation",
                "cost-optimization-hub:ListRecommendations",
                "cost-optimization-hub:ListRecommendationSummaries",
                "organizations:EnableAWSServiceAccess"
            ],
            "Resource": "*"
        },
        {
            "Sid": "AllowCreationOfServiceLinkedRoleForCostOptimizationHub",
            "Effect": "Allow",
            "Action": [
                "iam:CreateServiceLinkedRole"
            ],
            "Resource": [
                "arn:aws:iam::*:role/aws-service-role/cost-optimization-hub.bcm.amazonaws.com/AWSServiceRoleForCostOptimizationHub"
            ],
            "Condition": {
                "StringLike": {
                    "iam:AWSServiceName": "cost-optimization-hub.bcm.amazonaws.com"
                }
            }
        },
        {
            "Sid": "AllowAWSServiceAccessForCostOptimizationHub",
            "Effect": "Allow",
            "Action": [
                "organizations:EnableAWSServiceAccess"
            ],
            "Resource": "*",
            "Condition": {
                "StringLike": {
                    "organizations:ServicePrincipal": [
                        "cost-optimization-hub.bcm.amazonaws.com"
                    ]
                }
            }
        }
    ]
}
```

------

## 成员账户策略
<a name="coh-member-account-policy"></a>

此策略提供了成员账户完全访问成本优化中心所需的权限。

------
#### [ JSON ]

****  

```
{
    "Version":"2012-10-17",		 	 	 
    "Statement": [
        {
            "Sid": "CostOptimizationHubAdminAccess",
            "Effect": "Allow",
            "Action": [
                "cost-optimization-hub:ListEnrollmentStatuses",
                "cost-optimization-hub:UpdateEnrollmentStatus",
                "cost-optimization-hub:GetPreferences",
                "cost-optimization-hub:UpdatePreferences",
                "cost-optimization-hub:GetRecommendation",
                "cost-optimization-hub:ListRecommendations",
                "cost-optimization-hub:ListRecommendationSummaries"
            ],
            "Resource": "*"
        }
    ]
}
```

------