Hello @Aayush Shah ,
It seems there is a policy with name " Allowed resource types " on your subscription at Management Scope level
The command az cosmosdb create will try to create a resource of type Microsoft.DocumentDB/databaseAccounts .
As per your policy definition , that particular resource type is not allowed on your subscription , that's the reason for the failure.
From the detailed error message , if you see the target allowed values are : "targetValue": [ "microsoft.compute/virtualmachinescalesets", "Microsoft.ContainerInstance/containerGroups", "microsoft.containerregistry/registries", "microsoft.containerregistry/registries/replications", "microsoft.containerservice/managedclusters", "microsoft.insights/components", "microsoft.keyvault/vaults", "Microsoft.MachineLearningServices/workspaces", "Microsoft.MachineLearningServices/workspaces/datastores", "microsoft.managedidentity/userassignedidentities", "microsoft.network/applicationgateways", "microsoft.network/dnszones", "Microsoft.Network/dnszones/A", "Microsoft.Network/dnszones/AAA", "Microsoft.Network/dnszones/all", "Microsoft.Network/dnszones/CAA", "Microsoft.Network/dnszones/CNAME", "Microsoft.Network/dnszones/MX", "Microsoft.Network/dnszones/NS", "Microsoft.Network/dnszones/PTR", "Microsoft.Network/dnszones/recordsets", "Microsoft.Network/dnszones/SOA", "Microsoft.Network/dnszones/SRV", "Microsoft.Network/dnszones/TXT", "microsoft.network/loadbalancers", "microsoft.network/networksecuritygroups", "microsoft.network/privatednszones", "microsoft.network/privatednszones/virtualnetworklinks", "microsoft.network/privateendpoints", "microsoft.network/publicipaddresses", "microsoft.network/routetables", "microsoft.network/virtualnetworks", "microsoft.operationsmanagement/solutions", "microsoft.operationalinsights/workspaces", "Microsoft.Storage/storageAccounts", "Microsoft.Storage/storageAccounts/blobServices", "Microsoft.Storage/storageAccounts/fileServices", "Microsoft.Storage/storageAccounts/queueServices", "Microsoft.Storage/storageAccounts/tableServices", "Microsoft.Storage/storageAccounts/blobServices/containers", "Microsoft.Storage/storageAccounts/fileServices/shares", "microsoft.web/connections"]
In the above list Microsoft.DocumentDB/databaseAccounts is not an allowed value.
To mitigate this:-
Your Subscription admin might have set a policy that disallows the creation of Microsoft.DocumentDB/databaseAccounts resources. So ask your Admin to add that resource type in the list of allowed types in that particular Policy definition.
In the Azure Portal -> Go to Policy -> Definitions -> Search for the name of the policy (i.e. Allowed Resource types)
More details about the policy error message can be found at : https://learn.microsoft.com/en-us/azure/azure-resource-manager/templates/error-policy-requestdisallowedbypolicy#solution
Basics of Azure Policy: https://learn.microsoft.com/en-us/azure/governance/policy/overview
Let us know if you have additional questions.
Regards,
Shiva.