Unable to push a Docker image to ECR using GitLab CI


I have set up gitlab-ci.yaml to push a Docker image to ECR. Below is the script file definition.

image: 
  name: registry.gitlab.com/gitlab-org/cloud-deploy/aws-base:latest
  entrypoint: 
    - '/usr/bin/env'

stages:
  - build
  - deploy
services:
  - docker:dind

before_script:
  - >
    STS=($(aws sts assume-role-with-web-identity
    --role-arn arn:aws:iam::831955480324:role/gitlab-aws-access-role
    --role-session-name "GitLabRunner-${CI_PROJECT_ID}-${CI_PIPELINE_ID}"
    --web-identity-token $CI_JOB_JWT_V2
    --duration-seconds 3600
    --query 'Credentials.[AccessKeyId,SecretAccessKey,SessionToken]'
    --output text))
  - export AWS_ACCESS_KEY_ID="${STS[0]}"
  - export AWS_SECRET_ACCESS_KEY="${STS[1]}"
  - export AWS_SESSION_TOKEN="${STS[2]}"
  - TOKEN=$(base64 <<< $CI_JOB_JWT_V2)
  - echo $TOKEN
  - echo ${AWS_SESSION_TOKEN}
  - aws sts get-caller-identity
  - aws s3 ls

Build:
  stage: build
  services:
  - docker:dind
  script:
    - docker pull $CI_REGISTRY_IMAGE:latest || true
    - >
      docker build
      --pull
      --cache-from $CI_REGISTRY_IMAGE:latest
      --label "org.opencontainers.image.title=$CI_PROJECT_TITLE"
      --label "org.opencontainers.image.url=$CI_PROJECT_URL"
      --label "org.opencontainers.image.created=$CI_JOB_STARTED_AT"
      --label "org.opencontainers.image.revision=$CI_COMMIT_SHA"
      --label "org.opencontainers.image.version=$CI_COMMIT_REF_NAME"
      --tag $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA
      .
    - docker push $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA
Deploy:
  variables:
    GIT_STRATEGY: none
  stage: deploy
  only:
    - master
  script:
    - docker pull $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA
    - docker tag $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA $CI_REGISTRY_IMAGE:latest
    - docker push $CI_REGISTRY_IMAGE:latest

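The aws s3 command works fine, but the docker commands do not work. I get the following error:
Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running? 
I need to use both the docker and aws images: one to build the Docker image and the other to push the image to ECR. What is the correct way to do this? Where am I going wrong?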

continuous-integration gitlab-ci gitlab-ci-runner amazon-ecr
1 Answer
0 votes

If you want to use Docker-in-Docker, you must always use privileged = true in the Docker container.
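
A job layout consistent with this answer, as an added example that is not part of the original question or answer. The runner-side settings are shown as comments because they belong in the runner's config.toml; the ECR registry host, region, repository name and job name are placeholders, and it assumes (as the error message in the question suggests) that the aws-base image ships both the aws and docker CLIs.

```yaml
# Added example. Runner side (config.toml on the runner host, not in the repo):
#   [runners.docker]
#     privileged = true                      # required by the docker:dind service
#     volumes = ["/certs/client", "/cache"]  # shares the dind TLS client certs with the job
# privileged = true gives job containers root-equivalent access to the runner
# host, so keep such a runner dedicated to projects you trust.

image:
  name: registry.gitlab.com/gitlab-org/cloud-deploy/aws-base:latest

services:
  - docker:dind

variables:
  # Without DOCKER_HOST the docker CLI falls back to unix:///var/run/docker.sock,
  # which does not exist inside the job container.
  DOCKER_HOST: tcp://docker:2376
  DOCKER_TLS_CERTDIR: "/certs"
  DOCKER_TLS_VERIFY: "1"
  DOCKER_CERT_PATH: "$DOCKER_TLS_CERTDIR/client"
  # Placeholders: replace with your own account, region and repository.
  ECR_REGISTRY: "<ACCOUNT_ID>.dkr.ecr.<REGION>.amazonaws.com"
  ECR_REPOSITORY: "<REPOSITORY_NAME>"

build-and-push:
  stage: build
  script:
    # Temporary AWS credentials are assumed to be exported already, as in the
    # question's before_script. They are not echoed: job logs persist and are
    # readable by project members.
    - aws ecr get-login-password --region "<REGION>" | docker login --username AWS --password-stdin "$ECR_REGISTRY"
    - docker build --pull --tag "$ECR_REGISTRY/$ECR_REPOSITORY:$CI_COMMIT_SHA" .
    - docker push "$ECR_REGISTRY/$ECR_REPOSITORY:$CI_COMMIT_SHA"
```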
