No matter how you like to participate in developer communities, Pulumi wants to meet you there. If you want to meet other Pulumi users to share use-cases and best practices, contribute code or documentation, see us at an event, or just tell a story about something cool you did with Pulumi, you are part of our community.

Pulumi Community

You probably don't want a future-Region. If this is passed in from config, would you be able to  unwrap the Input to a string? With type checking, you can throw an error if it's a Promise or an Output, and continue only if it's a non-undefined string.
Alternatively you could construct the client inside each preview/up, rather than at construction time. This would save resources; just need to worry about how expensive it is to construct a client.

The future region is not a problem - that can be an `Input`. The problem is with the rest of the parameters eg. `AccessKeyId`, `SecretAccessKey` because they are only available after the role assumption.

I want to pass in a dedicated AWS provider for the resources and create a client from its credentials.

I'm afraid I don't know. In all my use cases, role assumption for use by Pulumi happens before Pulumi is invoked. I work on the theory that if I give Pulumi the necessary credentials to assume a role, then it will use the original credentials for evil and not tell me (I may be exaggerating for effect, here).
Following the principle of least privilege, Pulumi should have only the powers to do its work, at all times. The power to assume the role it needs to do its work can be reserved for different tools (e.g. .credentials, `aws sso`, or similar).

<@U025964HAJH>

&gt; I want to pass in a dedicated AWS provider for the resources and create a client from its credentials.
You can assume a role using the AWS SDK too, so you don't have to pass in a Pulumi AWS provider object. Instead, just pass the role ARN, then <https://docs.aws.amazon.com/IAM/latest/UserGuide/example_sts_AssumeRole_section.html|execute an assume role action using the client> within the dynamic provider.

Also re: the region input value, not sure if you know this already but the dynamic provider's methods will get unwrapped values of the dynamic resource's inputs at runtime. So you just need to declare a version of the inputs interface you are using that uses primitive types. For example, see <https://github.com/pulumi/examples/blob/master/classic-azure-ts-dynamicresource/cdnCustomDomain.ts#L29>.