Custom Gitlab runner with docker+machine executor - can't get it to authenticate with ECR

I have setup a custom runner with docker+machine executor. The machine is an EC2 spot instance. When it comes up, it installes docker ecr credentials helper. When I ssh to this machine, I can successfully pull the image from a private ECR. When the docker executor comes up, it fails to pull the image due to no basic auth credentials error.

Docker executor configs:

[runners.docker]
    disable_cache = false
    image = "docker:latest"
    privileged = true
    pull_policy = ["if-not-present"]
    shm_size = 0
    tls_verify = false
    volumes = ["/cache","/certs/client","/root/.docker/config.json:/root/.docker/config.json", "/root/.docker/config.json:/home/ubuntu/.docker/config.json"]
    services_privileged = true

What am I missing here?

I see that gitlab runner is having this issue for years now: