Develop your solutions so they will never require you to touch anything except CloudFormation. If you have bastion hosts or other jobs that run maintenance tasks script that and include the resp. scripts in the metadata of LaunchConfigurations. If you need to make changes at runtime, do them directly in your CloudFormation templates.
Use LaunchConfigurations and AutoScaling Groups over EC2 instances. If you need an sftp server or a bastion host, script it’s LaunchConfiguration and place it into an AutoScaling Group of min/desired/max 1/1/2 with an ELB and let CloudFormation take care of it. The instance goes bad – trigger its termination and wait a few minutes and your new instance is ready to roll.