Starting with 1.12, Docker Swarm Mode is a built-in solution with built-in key/value store. Easier to get started, and fewer ports to configure.
- TCP port 2377 for cluster management & raft sync communications
- TCP and UDP port 7946 for "control plane" gossip discovery communication
- UDP port 4789 for "data plane" VXLAN overlay network traffic
AWS Tip: You should use Security Groups in AWS's "source" field rather then subnets, so SG's will all dynamically update when new nodes are added.