I'm new to a large AWS deployment where stuff is mostly deployed through CloudFormation (and some through Terraform). But there are always cases where something has been deployed manually and not through code. Is there a reliable way to quickly figure out if a resource (say, an EC2 instance) already existing in the deployment was deployed through IaC or manually? A CloudFormation-specific answer will be good enough for now.

Going through literally hundreds of CloudFormation stacks manually and looking for the resource is not an option.

You can identify the resources created by cloudformation. Cloudformation applies few default tags as mentioned here

aws:cloudformation:logical-id

aws:cloudformation:stack-id

aws:cloudformation:stack-name

You can run a script to check whether the resource contain one/all of these tags to update your count.

Offical documentation on resource tags

Unfortunately looking at an AWS resource you don't see how it got created. While some resources might have been tagged by CloudFormation indicating that they got created by a CloudFormation stack, that's only valid for a subset of resources.

The only reliable way to figure out whether or not a resource got created via a CloudFormation stack is to go through all CloudFormation stacks and check whether or not the resource in question is a part of it. While that might be cumbersome when doing manually, it's also something you can automate using the AWS CLI.

It may not have been possible at the time the original question was posted, but today I occasionally have some success using the AWS CLI to describe stack resources of specific resources.

If the resource is part of a CloudFormation stack it returns information about the stack.

Example: aws cloudformation describe-stack-resources --physical-resource-id arn:aws:ecs:eu-west-2:12345678910:task-definition/my-ecs-task-definition:1

ref: https://docs.aws.amazon.com/cli/latest/reference/cloudformation/describe-stack-resources.html