1. To your container, add a new volume
2. Name: ‘docker_sock’, source path: ‘/var/run/docker.sock’
3. In Storage and Logging section, add new mount point
4. Select ‘docker_sock’, container path: ‘/var/run/docker.sock’

And that’s it. No need to give privileged access, and if you run docker commands directly from inside the container there’s no need to change IAM policy.