Add compute account instructions

Author: maxvp

src/content/docs/cloudflare-one/applications/casb/troubleshooting/troubleshoot-compute-accounts.mdx

@@ -5,34 +5,80 @@ sidebar:
   order: 2
 ---
 
-import { TabItem, Tabs } from "~/components";
-
 Cloudflare CASB detects when integrations are unhealthy or outdated.
 
 Common integration issues include changes to SaaS app or cloud environment configurations, user access, or permission scope. Integrations may need to be updated to support new features or permissions.
 
-## Identify unhealthy or outdated integrations
+## Upgrade a compute account
+
+Upgrading a compute account applies the latest software features, bug fixes, and infrastructure changes to a cloud compute account. Upgrades should be run periodically to keep the compute account software up to date or when recommended by Cloudflare to address an issue.
+
+To upgrade a compute account:
+
+1. Download the latest Terraform configuration using the "latest templates" API route.
+   1. Navigate to your integration in the CASB Dashboard
+   2. Select the integration you created for cloud scanning
+   3. You should see a "Connect a compute account" module. Click "Open Connection Instructions" Here, you'll be able to see the latest terraform that you can download
+2. Validate that your local machine has the AWS or GCP CLI installed
+3. Validate that an AWS or GCP profile is configured and set to the intended region, and using IAM credentials for a user in the intended AWS or GCP account
+4. Validate that the Terraform state file created during previous Terraform activities for this account is available
+5. Update cached version of the CDS Terraform modules: terraform init --upgrade
+6. Apply the downloaded terraform configuration: terraform apply
+
+## Rotate API tokens
+
+Rotating the API token used by the compute account is useful when there is a security or operational need to use a new API Token. Note that if the API Token is rolled in the Cloudflare Dashboard but isn't updated in the Compute Account, the Compute Account will get unhealthy and stop reporting scan results.
+
+This procedure should be used whenever there is a need to updated the API Token or if the API Token is no longer present in the cloud Compute Account.
+
+Steps
+
+### Roll Token in the Cloudflare Dashboard
+
+1. Log in to the Cloudflare dashboard ↗ and go to My Profile > API Tokens.
+2. Next to the API token you want to roll, select the three dot icon > Roll.
+3. Select Confirm to generate a new API token.
+4. Record the newly created token
+
+### Set API key in Secrets Manager
+
+1. Open the AWS or GCP console and navigate to Secrets Manager
+2. Validate that the region in which Terraform deployed is selected
+   For AWS:
+   Click on the secret cloudflare-cds-secrets, click Retrieve secret value, and Edit
+   Paste in the Cloudflare API key previously created and click Save
+   For GCP:
+   Update the secret following the format below, replacing `<token>` with the recently created token: `{"cloudflare_api_token": "<token>"}`
+   Click Save
+
+### Common issues
+
+#### cloudflare-cds-secrets does not exist in AWS or GCP Secrets Manager
 
-To identify unhealthy CASB integrations, go to **CASB** > **Integrations**. If an integration is unhealthy, CASB will set its status to **Broken**. If an integration is outdated, CASB will set its status to **Upgrade**.
+Validate that the correct region is selected
+Rerun Terraform Apply to recreate the secret
+Apply repeat the steps above to edit the secret's value
 
-## Repair an unhealthy integration
+#### I no longer have access to the API token I created
 
-:::note[Repair limitation]
-If CASB does not support self-service repairs for an integration, you will need to [delete](/cloudflare-one/applications/casb/#delete-an-integration) and recreate the integration to continue scanning.
-:::
+Following the above instructions, roll the API token again and add it to AWS or GCP Secrets Manager
+Validation: On the integration page, if the Compute Account is shown as "Healthy", the problem has been solved.
 
-You can repair unhealthy CASB integrations through your list of integrations or findings.
+## Troubleshoot an unhealthy compute account
 
-1. In [Zero Trust](https://one.dash.cloudflare.com/), go to **CASB** > **Integrations**.
-2. Choose your unhealthy integration.
-3. Select **Reauthorize**.
-4. In your SaaS app or cloud environment, reauthorize your account.
+When a Compute Account becomes unhealthy, new scan configuration changes will not be put into use and new scan results will not appear in the dashboard.
 
-## Upgrade an integration
+The following steps should be used when a Compute Account is appearing with the "Unhealthy" badge within the CASB Integration page. Example:
 
-Upgrading an outdated integration will allow the integration to access new features and permissions.
+Steps
+Rerun Terraform Apply
+Navigate to a directory that contains the Terraform state file created during previous Terraform activity for this Compute Account
+Pull the latest updates:
+terraform init --upgrade
+Recreate/Upgrade any missing resources:
+terraform apply
+After completion, review the health status of the Compute Account to verify recovery. If the Compute Account is now healthy, you can stop here. Else, continue to the next step.
 
-1. In [Zero Trust](https://one.dash.cloudflare.com/), go to **CASB** > **Integrations**.
-2. Choose your outdated integration.
-3. Select **Upgrade integration**.
-4. In your SaaS app or cloud environment, upgrade your app and reauthorize your account.
+Roll API Token
+Follow the steps listed in "Rotating API Tokens" section
+Review the health status of the Compute Account to verify recovery.

src/content/docs/cloudflare-one/applications/casb/troubleshooting/troubleshoot-integrations.mdx

@@ -5,8 +5,6 @@ sidebar:
   order: 1
 ---
 
-import { TabItem, Tabs } from "~/components";
-
 Cloudflare CASB detects when integrations are unhealthy or outdated.
 
 Common integration issues include changes to SaaS app or cloud environment configurations, user access, or permission scope. Integrations may need to be updated to support new features or permissions.