diff --git a/.github/workflows/cd-production.yml b/.github/workflows/cd-production.yml
index bb91a52..2958a79 100644
--- a/.github/workflows/cd-production.yml
+++ b/.github/workflows/cd-production.yml
@@ -8,7 +8,7 @@ on:
 jobs:
 deploy:
 runs-on: ubuntu-latest
- environment: AWS_PRODUCTION_ENV
+ environment: AWS_ENV
 permissions:
 packages: write
 
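Review bot: Sharing one `AWS_ENV` environment between this workflow and cd-staging.yml (which gets the identical `environment: AWS_ENV` line) removes the isolation between production and staging secrets. Any job bound to `AWS_ENV` can read every secret stored there, so the staging workflow can now reach the production `EC2_INSTANCE_ID` and whatever AWS credentials the environment holds. Protection rules such as required reviewers or branch restrictions can no longer differ between the two deploys; whether any are configured is not visible here. If the aim is only to stop duplicating values, keeping two environments and moving the common values to repository-level secrets would preserve a separate approval gate and separate credentials for production. The rest of the `deploy` job lies outside this hunk.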
@@ -27,9 +27,38 @@ jobs:
 aws-region: ${{ secrets.AWS_REGION }}
 
 - name: Deploy via SSM
+ id: ssm
+ env:
+ BUILD_DIRECTORY: ${{ secrets.BUILD_DIRECTORY }}
+ APP_NAME: ${{ secrets.PM2_APP_NAME }}
+ AWS_REGION: ${{ secrets.AWS_REGION }}
+ INSTANCE_ID: ${{ secrets.EC2_INSTANCE_ID }}
+ ROOT_USER: ${{ secrets.USER }}
 run: |
- aws ssm send-command \
- --instance-ids "${{ secrets.EC2_INSTANCE_ID }}" \
+ REMOTE_CMD="export HOME=/home/$ROOT_USER && export NVM_DIR="/home/$ROOT_USER/.nvm" && [ -s "\$NVM_DIR/nvm.sh" ] && \. "\$NVM_DIR/nvm.sh" && git config --global --add safe.directory ${BUILD_DIRECTORY} && set -e && cd ${BUILD_DIRECTORY} && git pull origin main && npm ci && npm run build && sudo -iu ${ROOT_USER} pm2 restart ${APP_NAME}"
+ CMD_ID=$(aws ssm send-command \
+ --instance-ids "$INSTANCE_ID" \
 --document-name "AWS-RunShellScript" \
- --parameters 'commands=["export HOME=/home/ubuntu && export PATH=/data/.nvm/versions/node/v24.11.0/bin:$PATH && git config --global --add safe.directory ${{ secrets.BUILD_DIRECTORY }} && set -e && cd ${{ secrets.BUILD_DIRECTORY }} && git pull origin main && npm ci && npm run build && sudo -u ubuntu PM2_HOME=/home/ubuntu/.pm2 /data/.nvm/versions/node/v24.11.0/bin/pm2 restart ${{ secrets.PM2_APP_NAME }}"]' \
- --region ${{ secrets.AWS_REGION }}
+ --parameters commands="[\"$REMOTE_CMD\"]" \
+ --region "$AWS_REGION" \
+ --query 'Command.CommandId' \
+ --output text)
+ echo "cmd_id=$CMD_ID" >> "$GITHUB_OUTPUT"
+
+ - name: Wait for SSM command to finish
+ env:
+ INSTANCE_ID: ${{ secrets.EC2_INSTANCE_ID }}
+ CMD_ID: ${{ steps.ssm.outputs.cmd_id }}
+ run: |
+ WAIT_EXIT=0
+ aws ssm wait command-executed \
+ --command-id "$CMD_ID" \
+ --instance-id "$INSTANCE_ID" || WAIT_EXIT=$?
+
+ aws ssm get-command-invocation \
+ --command-id "$CMD_ID" \
+ --instance-id "$INSTANCE_ID" \
+ --query '{Status:Status,Stdout:StandardOutputContent,Stderr:StandardErrorContent}' \
+ --output json
+
+ exit $WAIT_EXIT
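Review bot: In `REMOTE_CMD`, `git pull`, `npm ci` and `npm run build` run as the account the SSM agent uses for `AWS-RunShellScript` (root by default on Linux); only `pm2 restart` drops to `$ROOT_USER` through `sudo -iu`. Dependency install and build scripts therefore execute with root privileges on the instance, and the `git config --global --add safe.directory` override suggests root is working in a checkout owned by another user. Running the whole sequence as the application user keeps the build unprivileged and avoids root-owned files in `${BUILD_DIRECTORY}`. One way is to wrap the nvm load, `git pull`, `npm ci`, `npm run build` and `pm2 restart` in a single `sudo -iu "$ROOT_USER" bash -c '…'`. The same line appears in the cd-staging.yml hunk, and the `steps:` list this step belongs to starts outside the hunk.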
diff --git a/.github/workflows/cd-staging.yml b/.github/workflows/cd-staging.yml
index dd9c2cd..b9ec2c5 100644
--- a/.github/workflows/cd-staging.yml
+++ b/.github/workflows/cd-staging.yml
@@ -8,7 +8,7 @@ on:
 jobs:
 deploy:
 runs-on: ubuntu-latest
- environment: AWS_STAGING_ENV
+ environment: AWS_ENV
 permissions:
 packages: write
 
@@ -27,9 +27,38 @@ jobs:
 aws-region: ${{ secrets.AWS_REGION }}
 
 - name: Deploy via SSM
+ id: ssm
+ env:
+ BUILD_DIRECTORY: ${{ secrets.BUILD_DIRECTORY }}
+ APP_NAME: ${{ secrets.PM2_APP_NAME }}
+ AWS_REGION: ${{ secrets.AWS_REGION }}
+ INSTANCE_ID: ${{ secrets.EC2_STAGING_INSTANCE_ID }}
+ ROOT_USER: ${{ secrets.USER }}
 run: |
- aws ssm send-command \
- --instance-ids "${{ secrets.EC2_INSTANCE_ID }}" \
+ REMOTE_CMD="export HOME=/home/$ROOT_USER && export NVM_DIR="/home/$ROOT_USER/.nvm" && [ -s "\$NVM_DIR/nvm.sh" ] && \. "\$NVM_DIR/nvm.sh" && git config --global --add safe.directory ${BUILD_DIRECTORY} && set -e && cd ${BUILD_DIRECTORY} && git pull origin main && npm ci && npm run build && sudo -iu ${ROOT_USER} pm2 restart ${APP_NAME}"
+ CMD_ID=$(aws ssm send-command \
+ --instance-ids "$INSTANCE_ID" \
 --document-name "AWS-RunShellScript" \
- --parameters 'commands=["export HOME=/home/ubuntu && export PATH=/data/.nvm/versions/node/v24.11.0/bin:$PATH && git config --global --add safe.directory ${{ secrets.BUILD_DIRECTORY }} && set -e && cd ${{ secrets.BUILD_DIRECTORY }} && git pull origin main && npm ci && npm run build && sudo -u ubuntu PM2_HOME=/home/ubuntu/.pm2 /data/.nvm/versions/node/v24.11.0/bin/pm2 restart ${{ secrets.PM2_APP_NAME }}"]' \
- --region ${{ secrets.AWS_REGION }}
+ --parameters commands="[\"$REMOTE_CMD\"]" \
+ --region "$AWS_REGION" \
+ --query 'Command.CommandId' \
+ --output text)
+ echo "cmd_id=$CMD_ID" >> "$GITHUB_OUTPUT"
+
+ - name: Wait for SSM command to finish
+ env:
+ INSTANCE_ID: ${{ secrets.EC2_STAGING_INSTANCE_ID }}
+ CMD_ID: ${{ steps.ssm.outputs.cmd_id }}
+ run: |
+ WAIT_EXIT=0
+ aws ssm wait command-executed \
+ --command-id "$CMD_ID" \
+ --instance-id "$INSTANCE_ID" || WAIT_EXIT=$?
+
+ aws ssm get-command-invocation \
+ --command-id "$CMD_ID" \
+ --instance-id "$INSTANCE_ID" \
+ --query '{Status:Status,Stdout:StandardOutputContent,Stderr:StandardErrorContent}' \
+ --output json
+
+ exit $WAIT_EXIT
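Review bot: `aws ssm wait command-executed` in the new "Wait for SSM command to finish" step stops polling after 20 checks at 5-second intervals, so a remote `npm ci && npm run build` that takes longer than about 100 seconds makes the step exit 255 while the command is still running. The job then reports failure and prints an `InProgress` invocation even though the instance may go on to restart the app, so the workflow status stops being a reliable record of what was deployed. I would poll `get-command-invocation` until the status is terminal and fail on anything other than `Success`, as sketched below with an assumed 15-minute cap. The production hunk in cd-production.yml contains the same step.

```yaml
        run: |
          # Poll for a terminal state; the built-in waiter gives up after ~100 s.
          # A not-yet-registered invocation is treated as Pending.
          STATUS=Pending
          for _ in $(seq 1 90); do
            STATUS=$(aws ssm get-command-invocation \
              --command-id "$CMD_ID" \
              --instance-id "$INSTANCE_ID" \
              --query 'Status' \
              --output text 2>/dev/null || echo Pending)
            case "$STATUS" in
              Pending|InProgress|Delayed|Cancelling) sleep 10 ;;
              *) break ;;
            esac
          done

          # … unchanged: get-command-invocation summary (Status/Stdout/Stderr) …

          # Fail the job unless the remote command finished successfully.
          [ "$STATUS" = "Success" ]
```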