When an EC2 instance is unreachable via SSH or SSM, the serial console output and console screenshots are still available through the AWS CLI, with no network access to the instance required.
TIL
Today I Learned: single discoveries, quick wins, and things that surprised me.
kubectl debug injects a fresh container into a running pod. It doesn't exec into the existing one. This matters when your app container has no shell.