diff --git a/bitbucket-pipelines.yml b/bitbucket-pipelines.yml
index 7e44ea0..e1a9dfd 100644
--- a/bitbucket-pipelines.yml
+++ b/bitbucket-pipelines.yml
@@ -210,9 +210,20 @@ pipelines:
                 "${PROD_SERVER_USER_PROYECTOSACC:-thoth}@${PROD_SERVER_IP_PROYECTOSACC}" \
                 "bash -c 'mkdir -p /home/thoth/deploy/artifacts/current && aws s3 cp s3://${PROD_S3_ARTIFACTS_BUCKET}/main/proyectosacc-app.jar /home/thoth/deploy/artifacts/current/proyectosacc-app.jar && chown osiris:osiris /home/thoth/deploy/artifacts/current/proyectosacc-app.jar'"
 
+      - step:
+          name: 06b_notify_approval
+          script:
+            - set -euo pipefail
+            - export TELEGRAM_BOT_TOKEN="${PROD_TELEGRAM_BOT_TOKEN}"
+            - export TELEGRAM_CHAT_ID="${PROD_TELEGRAM_CHAT_ID}"
+            - |
+              bash scripts/telegram-pipeline-notify.sh start "⏸️ Pipeline pausado esperando aprobación manual para deploy a PRODUCCIÓN. Ve a Bitbucket > Pipelines > proyectosacc > master para aprobar o rechazar."
+
       - step:
           name: 07_deploy
           oidc: true
+          deployment: production
+          trigger: manual
           script:
             - set -euo pipefail
             - source scripts/aws-oidc-setup.sh prod
@@ -228,4 +239,4 @@ pipelines:
             - aws cloudfront create-invalidation --distribution-id "${CLOUDFRONT_DISTRIBUTION_ID}" --paths "/*"
             - export TELEGRAM_BOT_TOKEN="${PROD_TELEGRAM_BOT_TOKEN}"
             - export TELEGRAM_CHAT_ID="${PROD_TELEGRAM_CHAT_ID}"
-            - bash scripts/telegram-pipeline-notify.sh success "CloudFront invalidado"
+            - bash scripts/telegram-pipeline-notify.sh success "CloudFront invalidado | Deploy a PROD aprobado y completado"