Troubleshoot compute accounts
Cloudflare CASB detects when compute accounts are unhealthy or outdated. Common compute account issues include security or functionality updates and API token misconfigurations.
To identify unhealthy compute accounts:
- In Zero Trust ↗, go to CASB > Integrations.
- Choose the integration you created for cloud scanning.
- Select Manage compute accounts.
CASB will display the status of each compute account next to its name. If a compute account is broken or outdated, CASB will set its status to Unhealthy. If the status is Healthy, no action is required.
When CASB marks a compute account as Unhealthy, CASB will not use new scan configuration changes and new scan results will not appear in the dashboard.
To repair a compute account marked as Unhealthy, first upgrade the compute account. If the compute account is still unhealthy, roll your API token.
Upgrading a compute account applies the latest software features, bug fixes, and infrastructure changes to a cloud compute account. You should run upgrades periodically to keep the compute account software up to date or when recommended by Cloudflare to address an issue. CASB deploys compute account upgrades through Terraform updates.
To upgrade a compute account:
- In Zero Trust ↗, go to CASB > Integrations.
- Choose the integration you created for cloud scanning.
- Select Open connection instructions.
- Follow the instructions provided to validate your local Terraform and CLI configuration.
- Under Step 2: Deploy Terraform Configuration, copy the template to your local configuration. This template will be the most up to date version of the integration's Terraform configuration.
- In a local terminal, update the cached version of the CDS Terraform modules:
Terminal window terraform init --upgrade - Apply the upgraded Terraform configuration to your compute account:
Terminal window terraform apply
You may need to roll the Cloudflare API token used for your compute account if a security or operational issue appears, your API token is compromised, or your API token is removed from your compute account.
If your token is lost or compromised, you can either create a new token or roll your token to generate a new secret. Rolling your API token into a new one will invalidate the previous token, but the access and permissions will be the same as the previous API token.
To roll your API token:
- Log in to the Cloudflare dashboard ↗ and go to My Profile > API Tokens.
- Next to the API token you want to roll, select the three dot icon > Roll.
- Select Confirm to generate a new API token.
- Copy your API token.
Once you roll your API token in Cloudflare, you can update the API token value in your secrets manager for Amazon Web Services (AWS) ↗ or Google Cloud Platform (GCP) ↗.
To recreate the secret in your compute account:
- Validate that you selected the correct region.
- Upgrade the compute account to recreate the secret.
- Update the secret value in your compute account.
Roll your Cloudflare API token and add it to your compute account. If the status of the compute account is set to Healthy, the issue has been solved.
Was this helpful?
- Resources
- API
- New to Cloudflare?
- Products
- Sponsorships
- Open Source
- Support
- Help Center
- System Status
- Compliance
- GDPR
- Company
- cloudflare.com
- Our team
- Careers
- 2025 Cloudflare, Inc.
- Privacy Policy
- Terms of Use
- Report Security Issues
- Trademark