diff --git a/data_safe_haven/resources/workspace/ansible/host_vars/localhost.yaml b/data_safe_haven/resources/workspace/ansible/host_vars/localhost.yaml
index 1baab38e7f..f6900fcd7c 100644
--- a/data_safe_haven/resources/workspace/ansible/host_vars/localhost.yaml
+++ b/data_safe_haven/resources/workspace/ansible/host_vars/localhost.yaml
@@ -137,12 +137,10 @@ deb_packages:
     - source: https://download1.rstudio.org/electron/jammy/amd64
       filename: rstudio-2024.04.2-764-amd64.deb
       sha256: 1d0bd2f54215f514a8a78a4d035c7804218bb8fafa417aa5083d341e174e6452
-      creates: /usr/bin/rstudio
   noble:
     - source: https://download1.rstudio.org/electron/jammy/amd64
       filename: rstudio-2024.04.2-764-amd64.deb
       sha256: 1d0bd2f54215f514a8a78a4d035c7804218bb8fafa417aa5083d341e174e6452
-      creates: /usr/bin/rstudio
 
 snap_packages:
   - name: codium
diff --git a/data_safe_haven/resources/workspace/ansible/install_deb.sh b/data_safe_haven/resources/workspace/ansible/install_deb.sh
deleted file mode 100644
index c3d4fb9919..0000000000
--- a/data_safe_haven/resources/workspace/ansible/install_deb.sh
+++ /dev/null
@@ -1,33 +0,0 @@
-#! /bin/bash
-
-# Require three arguments: remote name, debfile name and sha256 hash
-if [ $# -ne 3 ]; then
-    echo "FATAL: Incorrect number of arguments"
-    exit 1
-fi
-PACKAGE_REMOTE=$1
-PACKAGE_DEBFILE=$2
-PACKAGE_HASH=$3
-
-# Download and verify the .deb file
-echo "Downloading and verifying deb file ${PACKAGE_DEBFILE}"
-mkdir -p /tmp/build/
-wget -nv "${PACKAGE_REMOTE}/${PACKAGE_DEBFILE}" -P /tmp/build/
-ls -alh "/tmp/build/${PACKAGE_DEBFILE}"
-echo "$PACKAGE_HASH /tmp/build/${PACKAGE_DEBFILE}" > "/tmp/${PACKAGE_DEBFILE}_sha256.hash"
-if [ "$(sha256sum -c "/tmp/${PACKAGE_DEBFILE}_sha256.hash" | grep FAILED)" != "" ]; then
-    echo "FATAL: Checksum did not match expected for $PACKAGE_DEBFILE"
-    exit 1
-fi
-
-# Wait until the package repository is not in use
-while ! apt-get check >/dev/null 2>&1; do
-    echo "Waiting for another installation process to finish..."
-    sleep 1
-done
-
-# Install and cleanup
-echo "Installing deb file: ${PACKAGE_DEBFILE}"
-apt install -y "/tmp/build/${PACKAGE_DEBFILE}"
-echo "Cleaning up"
-rm "/tmp/build/${PACKAGE_DEBFILE}"
diff --git a/data_safe_haven/resources/workspace/ansible/tasks/install_deb.yaml b/data_safe_haven/resources/workspace/ansible/tasks/install_deb.yaml
new file mode 100644
index 0000000000..eea2283ba4
--- /dev/null
+++ b/data_safe_haven/resources/workspace/ansible/tasks/install_deb.yaml
@@ -0,0 +1,13 @@
+---
+
+- name: Fetch deb
+  ansible.builtin.get_url:
+    url: "{{ item.source }}/{{ item.filename }}"
+    dest: /tmp/build/
+    checksum: "sha256:{{ item.sha256 }}"
+  register: debfile
+
+- name: Install deb
+  ansible.builtin.apt:
+    deb: "{{ debfile.dest }}"
+    state: present
diff --git a/data_safe_haven/resources/workspace/ansible/tasks/packages.yaml b/data_safe_haven/resources/workspace/ansible/tasks/packages.yaml
index e71d371b22..9b01bfa6c8 100644
--- a/data_safe_haven/resources/workspace/ansible/tasks/packages.yaml
+++ b/data_safe_haven/resources/workspace/ansible/tasks/packages.yaml
@@ -21,10 +21,8 @@
 
 - name: Install deb packages
   tags: deb
-  ansible.builtin.script:
-    executable: /bin/bash
-    cmd: "/var/local/ansible/install_deb.sh {{ item.source }} {{ item.filename }} {{ item.sha256 }}"
-    creates: "{{ item.creates }}"
+  ansible.builtin.include_tasks:
+    file: tasks/install_deb.yaml
   loop: "{{ deb_packages[ansible_facts.distribution_release] }}"
 
 - name: Install snap packages