Can I use the IP's in the X-Forwarded-for header to match IP's listed in 'token_bound_cidrs'

My vault server deployment is behind an AWS ELB/ALB which NATs any source IP but will insert an X-Forwarded-For header. I want to restrict tokens to particular source IP ranges, can I use the IP’s in the X-Forwarded-for header to match IP’s listed in ‘token_bound_cidrs’ in an AppRole.

Thanks
Steve