No, although, depending on implementation details it should work.
The second localnet should be 10.0.0.0/255.0.0.0, or 10.8.0.1/255.255.255.255, or somewhere in between. The second one should be 172.X.X.X/255.255.255.255, although, it seems more likely that there would be equivalent numbers of trailing zero bits on both numbers. Looking up thread, and assuming the /8 is more correct, you should have written 10.0.0.0/8 and used 10.0.0.0/255.
canreinvite is obsolete and should be replaced by directmedia
tcpbindaddr is redundant if tcpenable=no
(If the VPN is routable to other local networks, and you have devices on those, you should include localnet for those as well.
You should consider whether directmedia=nonat is better than directmedia=nat, as a cloud server is going to be hostile for good quality RTP and offloading as much of it as possible is desirable.