Security Group for EC2 on public subnet for Code Deploy

Hello.

It works.
If you confirm that HTTP and HTTPS are allowed in the security group's outbound rules, communication from EC2's CodeDeploy Agent to CodeDeploy is possible, so it should work.
https://docs.aws.amazon.com/codedeploy/latest/userguide/instances-ec2-create.html

In a production environment, we recommend restricting access to the SSH, RDP, and HTTP ports, instead of specifying Anywhere 0.0.0.0/0. CodeDeploy does not require unrestricted port access and does not require HTTP access. For more information, see Tips for securing your Amazon EC2 instance.