diff --git a/serverless-bastion/README.md b/serverless-bastion/README.md
index 6503598..00f8c36 100644
--- a/serverless-bastion/README.md
+++ b/serverless-bastion/README.md
@@ -9,6 +9,12 @@ Serverless Bastion
 $ SSH_PASSWORD=
 ```
 
+## Decide enable sudo or not
+
+```
+$ ENABLESUDO=
+```
+
 ## Create a base stack & retrieve the outputs
 
 ```
diff --git a/serverless-bastion/cfn.yaml b/serverless-bastion/cfn.yaml
index 91ec89b..a1a8a22 100644
--- a/serverless-bastion/cfn.yaml
+++ b/serverless-bastion/cfn.yaml
@@ -8,11 +8,15 @@ Metadata:
           default: SSH Configuration
         Parameters:
           - Password
+          - ENABLESUDO
 
 Parameters:
   Password:
     Description: SSH password
     Type: String
+  ENABLESUDO:
+    Description: ENABLESUDO
+    Type: String
 
 Mappings:
   SubnetConfig:
@@ -208,6 +212,8 @@ Resources:
           Environment:
             - Name: SSH_PASSWORD
               Value: !Ref Password
+            - Name: ENABLE_SUDO
+              Value: !Ref ENABLESUDO
           LogConfiguration:
             LogDriver: awslogs
             Options: