This creates a selfsigned certificate/key pair an upload it to AWS iam for use in ELBs and the like

selfsigned_to_aws.sh

#!/bin/bash

DOMAIN=$1

openssl req -new -subj '/CN=${DOMAIN}/O=ACME./C=ES' -newkey rsa:2048 -days 365 -nodes -x509 -keyout ${DOMAIN}.key -out ${DOMAIN}.crt

if aws iam list-server-certificates --query "ServerCertificateMetadataList[*].ServerCertificateName" --output text | grep -q ${DOMAIN} ; then
  aws iam delete-server-certificate --server-certificate-name ${DOMAIN}
fi

aws iam upload-server-certificate --server-certificate-name ${DOMAIN} --certificate-body file://${DOMAIN}.crt --private-key file://${DOMAIN}.key --query "ServerCertificateMetadata.[ServerCertificateName,Expiration,Arn]" --output text