Subnet is not being created with Terraform on Azure, how to fix it?

The subnet is failing to be created because it is not compliant with a policy your administrators have applied. This indicates that the subnet must have an NSG applied to it before it can be created. Unfortunately the way Terraform does creation of the resources is that you create the subnet first, then associate the NSG with it. This is two API calls, and the first one is failing because it doesn't have an NSG associated with it. Policy is not aware that a second call is coming to associate the NSG with the subnet.

This is the downside to the way Terraform builds on top of the ARM API. There isn't a great solution to this, other than getting your admins to relax this policy.

Edit:

So looking at this issue, which is pretty similar to what you are seeing, it seems you can work around this by defining your subnets inside your virtual_network resource, rather than as separate subnet resources. Using this you can define the NSG association inline, and this may do it in a single call:

resource "azurerm_virtual_network" "example" {
  name                = "virtualNetwork1"
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name
  address_space       = ["10.0.0.0/16"]
  dns_servers         = ["10.0.0.4", "10.0.0.5"]

  ddos_protection_plan {
    id     = azurerm_network_ddos_protection_plan.example.id
    enable = true
  }
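
  # Inline subnet block: the NSG is set as part of the virtual network
  # resource itself instead of through a separate association resource.
  subnet {
    name           = "subnet3"
    address_prefix = "10.0.3.0/24"
    security_group = azurerm_network_security_group.example.id
  }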

  tags = {
    environment = "Production"
  }
}
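
A pre-apply check for the situation the answer describes, added here as an example and not part of the original answer: it reads a Terraform plan in JSON form and lists subnets whose creation call would carry no NSG. The sample plan is constructed, the function names are hypothetical, and the way a not-yet-known NSG id shows up under `after_unknown` for inline subnets is an assumption that may vary by provider version.

```python
# Constructed sample, trimmed to the fields read below, in the shape of
# `terraform show -json <planfile>` output (resource_changes[].change).
SAMPLE_PLAN = {"resource_changes": [
    {"address": "azurerm_subnet.example", "type": "azurerm_subnet",
     "change": {"actions": ["create"], "after": {"name": "subnet1"}}},
    {"address": "azurerm_subnet_network_security_group_association.example",
     "type": "azurerm_subnet_network_security_group_association",
     "change": {"actions": ["create"], "after": {}}},
    {"address": "azurerm_subnet.existing", "type": "azurerm_subnet",
     "change": {"actions": ["no-op"], "after": {"name": "subnet2"}}},
    {"address": "azurerm_virtual_network.example",
     "type": "azurerm_virtual_network",
     "change": {"actions": ["create"],
                "after": {"subnet": [{"name": "subnet3"},
                                     {"name": "subnet4", "security_group": ""}]},
                "after_unknown": {"subnet": [{"security_group": True}, {}]}}},
]}


def nsg_pending(unknown, index):
    """True if the plan marks this inline subnet's NSG id as known only after apply."""
    # Assumption: after_unknown mirrors the subnet list element by element.
    return (isinstance(unknown, list) and index < len(unknown)
            and isinstance(unknown[index], dict)
            and unknown[index].get("security_group") is True)


def subnets_without_nsg_at_creation(plan):
    """Return (address, reason) for subnets whose create call would carry no NSG."""
    findings = []
    for rc in plan.get("resource_changes", []):
        change = rc.get("change", {})
        if "create" not in change.get("actions", []):
            continue
        if rc["type"] == "azurerm_subnet":
            # Standalone subnet: created first, NSG associated by a second call.
            findings.append((rc["address"], "standalone subnet, NSG attached later"))
        elif rc["type"] == "azurerm_virtual_network":
            unknown = (change.get("after_unknown") or {}).get("subnet")
            if unknown is True:  # whole block unknown until apply: cannot judge
                continue
            subnets = (change.get("after") or {}).get("subnet") or []
            for i, subnet in enumerate(subnets):
                if not subnet.get("security_group") and not nsg_pending(unknown, i):
                    findings.append((f"{rc['address']}:{subnet.get('name')}",
                                     "inline subnet without security_group"))
    return findings


if __name__ == "__main__":
    for address, reason in subnets_without_nsg_at_creation(SAMPLE_PLAN):
        print(f"{address}: {reason}")
```

On a real project the input would come from `terraform plan -out=plan.out` followed by `terraform show -json plan.out`, loaded with `json.load`.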