AWS Certified Solutions Architect - Associate


How should a company securely access customer AWS accounts to monitor EC2 instances and CloudWatch metrics for a new service feature?




Explanation:

The most secure way for the company to access customer AWS accounts is to have each customer create an IAM role in their own account with the necessary read-only permissions for EC2 and CloudWatch, and configure the role's trust policy to trust the company's account. This keeps access controlled and audited by the customers, and it relies on temporary credentials that can be rotated and managed securely through AWS IAM. Storing long-term credentials or using less integrated solutions like Amazon Cognito would be less secure.