Hi, I have a .gitlab-ci.yml file like the following:

image: gitlab.myregistry.com/my-image:latest

variables:
  DOCKER_DRIVER: overlay2
  DOCKER_TLS_CERTDIR: ""

stages:
  - init

initialize:
  stage: init
  services:
    - 123456789.dkr.ecr.us-east-1.amazonaws.com/my-docker-dind:latest
  script:
    - npm run init

As you can see I am using a private docker-dind image hosted on Amazon ECR as a service. Unfortunately GitLab gives me the following error:

ERROR: Preparation failed: Error response from daemon: Get https://123456789.dkr.ecr.us-east-1.amazonaws.com/v2/my-docker-dind/manifests/latest: no basic auth credentials (executor_docker.go:188:0s)

The GitLab runner has amazon-ecr-credential-helper installed, docker-credential-ecr-login binary is available on PATH and the following configuration

{
	"credsStore": "ecr-login"
}

has been added to ~/.docker/config.json file.

Also I have added the following in /etc/gitlab-runner/config.toml:

[[runners]]
  name = "my-runner"
  url = "https://gitlab.my.com"
  token = "xyz"
  executor = "docker"
  environment = ["DOCKER_AUTH_CONFIG={ \"credsStore\": \"ecr-login\" }"]

The Gitlab runner has an IAM attached with the proper permissions to push/pull images from AWS ECR registry.

Anyone can help me understand what I am missing here? Why GitLab isn’t able to authenticate with ECR an pull the image?