

# Amazon Cost Optimization Hub and Amazon Organizations
<a name="services-that-can-integrate-coh"></a>

Amazon Cost Optimization Hub is an Amazon Billing and Cost Management feature that helps you consolidate and prioritize cost optimization recommendations across your Amazon accounts and Amazon Regions, so that you can get the most out of your Amazon spend. When you use Cost Optimization Hub with Amazon Organizations you can easily identify, filter, and aggregate Amazon cost optimization recommendations across your Organizations member accounts and Amazon Regions. 

For more information, see [Cost Optimization Hub](https://docs.amazonaws.cn/cost-management/latest/userguide/cost-optimization-hub.html) in the *Amazon Cost Management User Guide*.

Use the following information to help you integrate Amazon Cost Optimization Hub with Amazon Organizations.



## Service-linked roles created when you enable integration
<a name="integrate-enable-slr-coh"></a>

The following [service-linked role](https://docs.amazonaws.cn/IAM/latest/UserGuide/using-service-linked-roles.html) is automatically created in your organization's management account when you enable trusted access. This role allows Cost Optimization Hub to perform supported operations within the accounts in your organization.

You can delete or modify this role only if you disable trusted access between Cost Optimization Hub and Organizations, or if you remove the member account from the organization.

For more information, see [Service-linked role permissions for Cost Optimization Hub](https://docs.amazonaws.cn/cost-management/latest/userguide/cost-optimization-hub-SLR.html#cost-optimization-hub-SLR-permissions) in the *Amazon Cost Management User Guide*.
+ `AWSServiceRoleForCostOptimizationHub`

## Service principals used by Cost Optimization Hub
<a name="integrate-enable-svcprin-coh"></a>

Cost Optimization Hub uses the `cost-optimization-hub.bcm.amazonaws.com` service principal.

## Enabling trusted access with Cost Optimization Hub
<a name="integrate-enable-ta-coh"></a>

For information about the permissions needed to enable trusted access, see [Permissions required to enable trusted access](orgs_integrate_services.md#orgs_trusted_access_perms).

When you opt in using your organization's management account and include all member accounts within the organization, trusted access for Cost Optimization Hub is automatically enabled in your organization account. 

You can enable trusted access by using the Amazon Organizations console, by running an Amazon CLI command, or by calling an API operation in one of the Amazon SDKs.

------
#### [ Amazon Web Services Management Console ]

**To enable trusted service access using the Organizations console**

1. Sign in to the [Amazon Organizations console](https://console.amazonaws.cn/organizations/v2). You must sign in as an IAM user, assume an IAM role, or sign in as the root user ([not recommended](https://docs.amazonaws.cn/IAM/latest/UserGuide/best-practices.html#lock-away-credentials)) in the organization’s management account.

1. In the navigation pane, choose **Services**.

1. Choose **Amazon Cost Optimization Hub** in the list of services.

1. Choose **Enable trusted access**.

1. In the **Enable trusted access for Amazon Cost Optimization Hub** dialog box, type **enable** to confirm, and then choose **Enable trusted access**.

1. If you are the administrator of only Amazon Organizations, tell the administrator of Amazon Cost Optimization Hub that they can now enable that service to work with Amazon Organizations from the service console.

------
#### [ Amazon CLI, Amazon API ]

**To enable trusted service access using the Organizations CLI/SDK**  
Use the following Amazon CLI commands or API operations to enable trusted service access:
+ Amazon CLI: [enable-aws-service-access](https://docs.amazonaws.cn/cli/latest/reference/organizations/enable-aws-service-access.html)

  Run the following command to enable Amazon Cost Optimization Hub as a trusted service with Organizations.

  ```
  $ aws organizations enable-aws-service-access \
      --service-principal cost-optimization-hub.bcm.amazonaws.com
  ```

  This command produces no output when successful.
+ Amazon API: [EnableAWSServiceAccess](https://docs.amazonaws.cn/organizations/latest/APIReference/API_EnableAWSServiceAccess.html)

------

## Disabling trusted access
<a name="integrate-disable-ta-coh"></a>

For information about the permissions needed to disable trusted access, see [Permissions required to disable trusted access](orgs_integrate_services.md#orgs_trusted_access_disable_perms).

You can only disable trusted access using the Organizations tools.

**Important**  
 If you disable Cost Optimization Hub trusted access after you opt in, Cost Optimization Hub denies access to recommendations for your organization's member accounts. Moreover, the member accounts within the organization aren't opted in to Cost Optimization Hub. Learn more in [Cost Optimization Hub and Organizations trusted access](https://docs.amazonaws.cn/cost-management/latest/userguide/coh-trusted-access.html) in the *Amazon Cost Management User Guide*.

You can disable trusted access by running an Organizations Amazon CLI command, or by calling an Organizations API operation in one of the Amazon SDKs.

------
#### [ Amazon CLI, Amazon API ]

**To disable trusted service access using the Organizations CLI/SDK**  
Use the following Amazon CLI commands or API operations to disable trusted service access:
+ Amazon CLI: [disable-aws-service-access](https://docs.amazonaws.cn/cli/latest/reference/organizations/disable-aws-service-access.html)

  Run the following command to disable Amazon Cost Optimization Hub as a trusted service with Organizations.

  ```
  $ aws organizations disable-aws-service-access \
      --service-principal cost-optimization-hub.bcm.amazonaws.com
  ```

  This command produces no output when successful.
+ Amazon API: [DisableAWSServiceAccess](https://docs.amazonaws.cn/organizations/latest/APIReference/API_DisableAWSServiceAccess.html)

------
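Because the enable and disable commands print nothing on success, it helps to read the resulting state back from Organizations. The following is an added example, not part of the original documentation: it checks whether `cost-optimization-hub.bcm.amazonaws.com` has trusted access and lists any enabled principal missing from an approved list. The `AUDIT_LIVE` switch, the function names, the `example.com` principals, and the approved list are assumptions made for illustration.

```bash
#!/bin/sh
# Added example, not from the AWS documentation.
COH_PRINCIPAL="cost-optimization-hub.bcm.amazonaws.com"

# Print enabled service principals, one per line. AUDIT_LIVE=1 queries
# Organizations; otherwise a constructed sample is returned so this runs offline.
list_enabled_principals() {
  if [ "${AUDIT_LIVE:-0}" = "1" ]; then
    aws organizations list-aws-service-access-for-organization \
      --query 'EnabledServicePrincipals[].ServicePrincipal' \
      --output text | tr '\t' '\n'
  else
    # Constructed sample: the example.com principals are placeholders.
    printf '%s\n' "$COH_PRINCIPAL" "svc-a.example.com" "svc-b.example.com"
  fi
}

# Succeed only if Cost Optimization Hub appears in the list passed as $1.
coh_trusted_access_enabled() {
  printf '%s\n' "$1" | grep -qxF "$COH_PRINCIPAL"
}

# Print each enabled principal ($1, newline separated) that is missing from
# the approved list given as the remaining arguments.
unapproved_principals() {
  up_enabled="$1"; shift
  for up_p in $up_enabled; do
    up_ok=0
    for up_a in "$@"; do
      if [ "$up_p" = "$up_a" ]; then up_ok=1; fi
    done
    if [ "$up_ok" = "0" ]; then printf '%s\n' "$up_p"; fi
  done
}

enabled="$(list_enabled_principals)"
if coh_trusted_access_enabled "$enabled"; then
  echo "trusted access ENABLED for $COH_PRINCIPAL"
else
  echo "trusted access not enabled for $COH_PRINCIPAL"
fi
# Approved list here is hypothetical; replace it with your organization's own.
unapproved_principals "$enabled" "$COH_PRINCIPAL" "svc-a.example.com" |
  sed 's/^/unapproved principal: /'
```

Run it with `AUDIT_LIVE=1` from credentials in the management account to audit the real organization instead of the constructed sample.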

## Enabling a delegated administrator account for Cost Optimization Hub
<a name="integrate-enable-da-coh"></a>

When you designate a member account to be a delegated administrator for the organization, the designated account can retrieve Cost Optimization Hub recommendations for all accounts under your organization and manage Cost Optimization Hub preferences, giving you greater flexibility to centrally identify resource optimization opportunities. 

**Minimum permissions**  
Only a user or role in the Organizations management account with the following permission can configure a member account as a delegated administrator for Cost Optimization Hub in the organization:

For instructions about enabling a delegated administrator account for Cost Optimization Hub, see [Delegate an administrator account](https://docs.amazonaws.cn/cost-management/latest/userguide/coh-delegated-admin.html) in the *Amazon Cost Management User Guide*.

## Disabling a delegated administrator for Cost Optimization Hub
<a name="integrate-disable-da-coh"></a>

 Only an administrator in the Organizations management account can remove a delegated administrator for Cost Optimization Hub. 

To disable the delegated admin Cost Optimization Hub account using the Cost Optimization Hub console, see [Delegate an administrator account](https://docs.amazonaws.cn/cost-management/latest/userguide/coh-delegated-admin.html) in the *Amazon Cost Management User Guide*.

 To remove a delegated administrator using the Amazon CLI, see [https://docs.amazonaws.cn/cli/latest/](https://docs.amazonaws.cn/cli/latest/) in the *Amazon Config CLI Reference*.