diff --git a/installing/installing_aws_upi/installing-aws-upi.adoc b/installing/installing_aws_upi/installing-aws-upi.adoc
index 55af783e0a..165c2148d0 100644
--- a/installing/installing_aws_upi/installing-aws-upi.adoc
+++ b/installing/installing_aws_upi/installing-aws-upi.adoc
@@ -75,4 +75,6 @@ include::modules/cli-install.adoc[leveloffset=+1]
 
 include::modules/cli-logging-in-kubeadmin.adoc[leveloffset=+1]
 
+include::modules/installation-approve-csrs.adoc[leveloffset=+1]
+
 include::modules/installation-aws-upi-installation.adoc[leveloffset=+1]
\ No newline at end of file
diff --git a/installing/installing_bare_metal/installing-bare-metal.adoc b/installing/installing_bare_metal/installing-bare-metal.adoc
index f8d87f0c83..62aefa14a2 100644
--- a/installing/installing_bare_metal/installing-bare-metal.adoc
+++ b/installing/installing_bare_metal/installing-bare-metal.adoc
@@ -32,6 +32,8 @@ include::modules/installation-upi-machines-iso.adoc[leveloffset=+1]
 
 include::modules/installation-installing-bare-metal.adoc[leveloffset=+1]
 
+include::modules/installation-approve-csrs.adoc[leveloffset=+1]
+
 include::modules/installation-operators-config.adoc[leveloffset=+1]
 
 //need to put in the registry config module here
diff --git a/installing/installing_vsphere/installing-vsphere.adoc b/installing/installing_vsphere/installing-vsphere.adoc
index 068e1dcfac..a4197b0466 100644
--- a/installing/installing_vsphere/installing-vsphere.adoc
+++ b/installing/installing_vsphere/installing-vsphere.adoc
@@ -32,6 +32,8 @@ include::modules/cli-install.adoc[leveloffset=+1]
 
 include::modules/installation-installing-bare-metal.adoc[leveloffset=+1]
 
+include::modules/installation-approve-csrs.adoc[leveloffset=+1]
+
 include::modules/installation-operators-config.adoc[leveloffset=+1]
 
 //need to put in the registry config module here
diff --git a/machine_management/adding-rhel-compute.adoc b/machine_management/adding-rhel-compute.adoc
index 0a4053aee0..e162656ba8 100644
--- a/machine_management/adding-rhel-compute.adoc
+++ b/machine_management/adding-rhel-compute.adoc
@@ -19,6 +19,8 @@ include::modules/rhel-preparing-node.adoc[leveloffset=+1]
 
 include::modules/rhel-adding-node.adoc[leveloffset=+1]
 
+include::modules/installation-approve-csrs.adoc[leveloffset=+1]
+
 include::modules/rhel-ansible-parameters.adoc[leveloffset=+1]
 
 include::modules/rhel-removing-rhcos.adoc[leveloffset=+2]
\ No newline at end of file
diff --git a/machine_management/more-rhel-compute.adoc b/machine_management/more-rhel-compute.adoc
index 350ef425b9..ce9e874be1 100644
--- a/machine_management/more-rhel-compute.adoc
+++ b/machine_management/more-rhel-compute.adoc
@@ -16,4 +16,6 @@ include::modules/rhel-preparing-node.adoc[leveloffset=+1]
 
 include::modules/rhel-adding-more-nodes.adoc[leveloffset=+1]
 
+include::modules/installation-approve-csrs.adoc[leveloffset=+1]
+
 include::modules/rhel-ansible-parameters.adoc[leveloffset=+1]
\ No newline at end of file
diff --git a/modules/installation-approve-csrs.adoc b/modules/installation-approve-csrs.adoc
new file mode 100644
index 0000000000..ad17302d5f
--- /dev/null
+++ b/modules/installation-approve-csrs.adoc
@@ -0,0 +1,49 @@
+// Module included in the following assemblies:
+//
+// * installing/installing_aws_upi/installing-aws-upi.adoc
+// * installing/installing_bare_metal/installing-bare-metal.adoc
+// * installing/installing_vsphere/installing-vsphere.adoc
+// * machine_management/adding-rhel-compute.adoc
+// * machine_management/more-rhel-compute.adoc
+
+[id="installation-approve-csrs_{context}"]
+= Approving the CSRs for your machines
+
+When you add machines to a cluster, you must approve the pending certificate
+signing requests (CSRs) for the machines that you added.
+
+.Prerequisites
+
+* You added machines to your cluster.
+
+.Procedure
+
+. Review the pending certificate signing requests (CSRs) and ensure that the
+requests are for the machines that you added to the cluster:
++
+----
+$ oc get csr
+
+NAME        AGE     REQUESTOR                                                                   CONDITION
+csr-8b2br   15m     system:serviceaccount:openshift-machine-config-operator:node-bootstrapper   Approved,Issued
+csr-8vnps   15m     system:serviceaccount:openshift-machine-config-operator:node-bootstrapper   Approved,Issued
+csr-b96j4   25s     system:node:ip-10-0-52-215.us-east-2.compute.internal                       Approved,Issued
+csr-bfd72   5m26s   system:node:ip-10-0-50-126.us-east-2.compute.internal                       Pending
+csr-c57lv   5m26s   system:node:ip-10-0-95-157.us-east-2.compute.internal                       Pending
+----
+
+. Approve the CSRs for your cluster machines.
+** To approve them individually, run the following command for each valid
+CSR:
++
+----
+$ oc adm certificate approve <csr_name> <1>
+----
+<1> `<csr_name>` is the name of a CSR from the list of current CSRs.
+
+** If all the CSRs are valid, approve them all by running the following
+command:
++
+----
+$ oc get csr -ojson | jq -r '.items[] | select(.status == {} ) | .metadata.name' | xargs oc adm certificate approve
+----
\ No newline at end of file
diff --git a/modules/installation-aws-upi-installation.adoc b/modules/installation-aws-upi-installation.adoc
index d7552341eb..f3a9ed7da4 100644
--- a/modules/installation-aws-upi-installation.adoc
+++ b/modules/installation-aws-upi-installation.adoc
@@ -24,64 +24,6 @@ $ aws cloudformation delete-stack --stack-name <name> <1>
 ----
 <1> `<name>` is the name of your bootstrap stack.
 
-////
-. View the list of machines in the `openshift-machine-api` namespace:
-+
-----
-$ oc get machines --namespace openshift-machine-api
-NAME                                    INSTANCE   STATE     TYPE        REGION      ZONE         AGE
-test-tkh7l-master-0                                       m4.xlarge   us-east-2   us-east-2a   9m22s
-test-tkh7l-master-1                                       m4.xlarge   us-east-2   us-east-2b   9m22s
-test-tkh7l-master-2                                       m4.xlarge   us-east-2   us-east-2c   9m21s
-test-tkh7l-worker-us-east-2a-qjcxq                        m4.large    us-east-2   us-east-2a   8m6s
-test-tkh7l-worker-us-east-2b-nq8zs                        m4.large    us-east-2   us-east-2b   8m6s
-test-tkh7l-worker-us-east-2c-ww6c6                        m4.large    us-east-2   us-east-2c   8m7s
-----
-+
-Note the `NAME` of each node. Because you manually deployed control plane
-nodes, the master machines are not controlled by the Machine API. Similarly,
-the worker machines are not backed by AWS instances on your subnet. You delete
-each of these machines.
-
-. Delete each of the listed machines:
-+
-----
-$ oc delete machine --namespace openshift-machine-api <node_name> <1>
-machine.machine.openshift.io "<node_name>" deleted
-----
-<1> Specify the name of a master or worker node to delete.
-////
-
-. Review the pending certificate signing requests (CSRs) and ensure that the
-requests are for the machines that you added to the cluster:
-+
-----
-$ oc get csr
-
-NAME        AGE     REQUESTOR                                                                   CONDITION
-csr-8b2br   15m     system:serviceaccount:openshift-machine-config-operator:node-bootstrapper   Approved,Issued
-csr-8vnps   15m     system:serviceaccount:openshift-machine-config-operator:node-bootstrapper   Approved,Issued
-csr-b96j4   25s     system:node:ip-10-0-52-215.us-east-2.compute.internal                       Approved,Issued
-csr-bfd72   5m26s   system:node:ip-10-0-50-126.us-east-2.compute.internal                       Pending
-csr-c57lv   5m26s   system:node:ip-10-0-95-157.us-east-2.compute.internal                       Pending
-----
-
-. Approve the CSRs for your cluster machines.
-** To approve them individually, run the following command for each valid
-CSR:
-+
-----
-$ oc adm certificate approve <csr_name> <1>
-----
-<1> `<csr_name>` is the name of a CSR from the list of current CSRs.
-
-** If all the CSRs are valid, approve them all by running the following
-command:
-+
-----
-$ oc get csr -ojson | jq -r '.items[] | select(.status == {} ) | .metadata.name' | xargs oc adm certificate approve
-----
-
 . Complete the cluster installation:
 +
 ----
diff --git a/modules/installation-installing-bare-metal.adoc b/modules/installation-installing-bare-metal.adoc
index 15e4e4f43e..41e4814f1f 100644
--- a/modules/installation-installing-bare-metal.adoc
+++ b/modules/installation-installing-bare-metal.adoc
@@ -1,6 +1,7 @@
 // Module included in the following assemblies:
 //
 // * installing/installing_bare_metal/installing-bare-metal.adoc
+// * installing/installing_vsphere/installing-vsphere.adoc
 
 [id="installation-installing-bare-metal_{context}"]
 = Creating the cluster
@@ -17,7 +18,6 @@ for your cluster.
 cluster.
 * Your machines have direct internet access.
 
-
 .Procedure
 
 . Start and monitor the installation process:
@@ -55,19 +55,4 @@ worker-1  NotReady  worker  70s  v1.12.4+c53f462
 worker-2  NotReady  worker  69s   v1.12.4+c53f462
 ----
 +
-The output lists all of the machines that you created.
-
-. Review the pending certificate signing requests (CSRs) and ensure that the
-requests are for the machines that you added to the cluster:
-+
-----
-$ oc get csr
-----
-
-. Approve the CSRs for your cluster machines. You can approve them individually
-or, if all the CSRs are valid, approve them all by running the following
-command:
-+
-----
-$ oc get csr -ojson | jq -r '.items[] | select(.status == {} ) | .metadata.name' | xargs oc adm certificate approve
-----
\ No newline at end of file
+The output lists all of the machines that you created.
\ No newline at end of file